LLM/moltbot
1
0
Fork 0
mirror of https://github.com/moltbot/moltbot.git synced 2026-04-26 07:57:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden voice-call webhook verification

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-03 23:46:54 -08:00
parent fa4b28d7af
commit a749db9820
11 changed files with 495 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/platforms/fly.md
View File

@@ -446,7 +446,10 @@ Example voice-call config with ngrok:
"enabled": true,
"config": {
"provider": "twilio",
"tunnel": { "provider": "ngrok" }
"tunnel": { "provider": "ngrok" },
"webhookSecurity": {
"allowedHosts": ["example.ngrok.app"]
}
}
}
}
@@ -454,7 +457,7 @@ Example voice-call config with ngrok:
}
```
The ngrok tunnel runs inside the container and provides a public webhook URL without exposing the Fly app itself.
The ngrok tunnel runs inside the container and provides a public webhook URL without exposing the Fly app itself. Set `webhookSecurity.allowedHosts` to the public tunnel hostname so forwarded host headers are accepted.
### Security benefits