fix: replace crypto.randomUUID with compatible helper for HTTP contexts#29
Open
yuhp wants to merge 2 commits intoibelick:mainfrom
Open
fix: replace crypto.randomUUID with compatible helper for HTTP contexts#29yuhp wants to merge 2 commits intoibelick:mainfrom
yuhp wants to merge 2 commits intoibelick:mainfrom
Conversation
ibelick
reviewed
Feb 14, 2026
| return window.crypto.randomUUID() | ||
| } | ||
|
|
||
| // Fallback for insecure contexts (e.g. HTTP on LAN) |
Owner
There was a problem hiding this comment.
could we switch the fallback to use crypto.getRandomValues instead of Math.random?
samgibson-bot
pushed a commit
to samgibson-bot/gold-dashboard
that referenced
this pull request
Feb 18, 2026
…r LAN/HTTP contexts Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Merged
7 tasks
samgibson-bot
added a commit
to samgibson-bot/gold-dashboard
that referenced
this pull request
Feb 18, 2026
…belick#27, ibelick#14, #4, ibelick#29 * feat: PR ibelick#32 — device auth for OpenClaw v2026.2.14+ compatibility - Add Ed25519 keypair generation, persistence (.device-keys.json, 0o600) - Sign connect payload (v1|deviceId|clientId|...) via loadOrCreateDeviceIdentity - Include device field in ConnectParams for all connection paths - Handle WS close code 1008 with actionable log + device ID - Graceful fallback if auth fails: connect proceeds without device field - Preserve: 30s timeout, getGatewayScopes(), connection reuse cache - Add PR ibelick#26 streaming infrastructure: gatewayRpcShared, acquireGatewayClient, gatewayEventStream, createGatewayClient - Exclude .device-keys.json from git Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: PR ibelick#15 — slim Shiki bundle via createHighlighterCore Replace createHighlighter with createHighlighterCore + JS regex engine. Pre-load 29 explicit languages at init instead of dynamic loadLanguage(). Replace bundledLanguages import with SUPPORTED_LANGUAGES Set in utils.ts. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: PR ibelick#26 — /api/stream SSE endpoint with sanitizeError in catch Add Server-Sent Events stream route using acquireGatewayClient. All error paths use sanitizeError(). Heartbeat every 15s. Update routeTree.gen.ts with full ApiStreamRoute registration. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: PR ibelick#27 — streamdown replaces react-markdown Remove react-markdown, marked, remark-gfm, remark-breaks. Rewrite markdown.tsx using Streamdown component. PRESERVED: javascript: protocol blocking in a component (safeHref logic). Add ThinkingLevel type and thinkingLevel setting to ChatSettings. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: PR ibelick#14 — pin sessions with localStorage persistence Add usePinnedSessionsStore (Zustand + persist) in use-pinned-sessions.ts. Update SessionItem with isPinned prop + onTogglePin callback + PinIcon button. Update SidebarSessions to split pinned/unpinned with divider separator. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: PR #4 — image attachments with canvas compression and 5MB limit Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * feat: PR ibelick#29 — randomUUID utility with Math.random fallback for LAN/HTTP contexts Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * fix: PR ibelick#15 — use bundledThemes/bundledLanguages from shiki instead of @shikijs/* subpaths Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * chore: update routeTree.gen.ts after build (route order normalized) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: Nathen McVittie <nathenmcvittie@gmail.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This PR fixes a crash when accessing the application over a local network (LAN) via HTTP (e.g.,
http://192.168.1.x:3000).The Issue
The native
crypto.randomUUID()method is restricted to Secure Contexts (HTTPS or localhost). When running the app in a development environment or self-hosted setup accessed via a local IP address, the browser disables this API, resulting in the following error:The Fix
I added a
randomUUIDhelper function insrc/lib/utils.tsthat:window.crypto.randomUUIDis available.I then replaced all direct usages of
crypto.randomUUID()with this new helper in:apps/webclaw/src/screens/chat/chat-screen.tsxapps/webclaw/src/screens/chat/chat-screen-utils.tsapps/webclaw/src/components/attachment-button.tsxType of Change
How to Test
pnpm dev).http://192.168.x.x:3000) instead oflocalhost.Before fix:
crypto.randomUUID is not a function.After fix: