* fix: CSRF check fails behind reverse proxy on non-standard ports
When serving behind a reverse proxy (e.g. Nginx Proxy Manager) on a
non-standard port like 8000, the browser sends
`Origin: https://example.com:8000` but the proxy forwards `Host: example.com`
(without the port). The existing CSRF check compared these as raw strings,
causing all POST requests to be rejected with 403.
This commit:
- Adds `_normalize_host_port()` to properly parse host:port pairs (incl. IPv6)
- Adds `_ports_match()` that treats absent port as equivalent to 80/443
- Adds `HERMES_WEBUI_ALLOWED_ORIGINS` env var for explicitly trusting origins
when port normalization alone isn't sufficient (e.g. port 8000)
- Adds unit tests covering port normalization, allowlist, and rejection cases
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: CSRF port normalization — scheme-aware, allowlist validation, 29 tests (#360)
api/routes.py:
- _normalize_host_port(): parse host:port including IPv6 bracket notation
- _ports_match(scheme, origin_port, allowed_port): scheme-aware — http absent=:80,
https absent=:443; prevents cross-protocol false match (http://host:80 no
longer passes for https://host:443 server)
- _allowed_public_origins(): parse HERMES_WEBUI_ALLOWED_ORIGINS env var;
warn and skip entries missing scheme prefix
- _check_csrf(): extract origin scheme, pass to _ports_match; add origin_scheme
tests/test_sprint29.py: 29 new tests (5 from PR + 24 added in review)
- Unit tests for _normalize_host_port and _ports_match helpers
- Cross-protocol rejection (http vs https default ports)
- Explicit :80 / :443 same-origin pass
- Non-default port rejection
- Bug scenario with/without allowlist
- Comma-separated allowlist
- No-scheme allowlist warning
- Trailing-slash normalization
CHANGELOG.md: v0.50.16 entry; 900 tests total (up from 871)
---------
Co-authored-by: liangxu.5 <liangxu.5@bytedance.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: Nathan Esquenazi <nesquena@gmail.com>
* fix: broaden session ID validator to support new hermes-agent format
* test: add more path traversal evil IDs to session validator test
Add null byte, backslash, forward slash, and dot-extension variants
to the rejected session ID test to cover additional attack vectors.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Nathan Esquenazi <nesquena@gmail.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add two new settings (both default off):
- sound_enabled: plays a short tone via Web Audio API when assistant
finishes a response or requests approval
- notifications_enabled: shows a browser notification when a response
completes while the tab is in the background
Uses Web Audio API (oscillator) instead of bundled MP3 file — zero
additional assets. Follows the standard 4-file settings pattern.
Also skip test_valid_skill_accepted when hermes-agent not installed
(skills endpoint returns 500 without the agent module).
Inspired by #176 (DavidSchuchert)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
