我要评分
获取效率
正确性
完整性
易理解

Do Not Allow Insecure Authentication

Exercise caution when configuring whether to allow token-based login to the Web UI over HTTP. If this option is set to true, tokens and communication content will be transmitted in plaintext, making them vulnerable to eavesdropping. The default value of this option is false. If access is limited to the local host, retain the default setting. If public network access is required, configure a certificate and enable HTTPS to ensure communication security.

Procedure

Disable authentication over plaintext HTTP at the OpenClaw gateway:
openclaw config set gateway.controlUi.allowInsecureAuth false