fix(gateway): allow microphone access for control-ui STT (#51085)

The Permissions-Policy header set microphone=(), which blocks microphone
access for all origins and prevented the built-in STT mic button in
control-ui chat from working.
The Web Speech API's SpeechRecognition.start() fails silently with:
  'Permissions policy violation: microphone is not allowed in this document'

Change microphone=() to microphone=(self) so the gateway's own origin
can request mic access while still blocking third-party iframes.

Closes #51085
HollyChou 2026-03-20 23:45:14 +08:00
parent 41eef15cdc
commit e54c6f8334


@ -14,7 +14,7 @@ export function setDefaultSecurityHeaders(
) {
res.setHeader("X-Content-Type-Options", "nosniff");
res.setHeader("Referrer-Policy", "no-referrer");
res.setHeader("Permissions-Policy", "camera=(), microphone=(), geolocation=()");
res.setHeader("Permissions-Policy", "camera=(), microphone=(self), geolocation=()");
const strictTransportSecurity = opts?.strictTransportSecurity;
if (typeof strictTransportSecurity === "string" && strictTransportSecurity.length > 0) {
res.setHeader("Strict-Transport-Security", strictTransportSecurity);
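Review bot: The new `microphone=(self)` value is set unconditionally in setDefaultSecurityHeaders, so every response that passes through this function, not only the control-ui chat page, now allows microphone requests from the gateway origin and its same-origin frames. If that origin can also serve content the gateway does not author (uploads, proxied or plugin HTML; none of this is visible in the hunk), such content inherits the allowance and only the browser's permission prompt stands in the way. Consider making it opt-in the way `strictTransportSecurity` already is, e.g. `const mic = opts?.allowMicrophone ? "(self)" : "()";` (the option name is only a suggestion), or at minimum add a comment such as `// microphone=(self): required by control-ui STT; cross-origin frames stay blocked`. The function body starts and continues outside the hunk, so callers and the shape of `opts` should be checked before choosing.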