let5see/clawdbot
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

fix: gate ngrok free-tier bypass to loopback

Browse Source
This commit is contained in:
Peter Steinberger
2026-01-26 22:26:22 +00:00
parent fe1f2d971a
commit b3a60af71c
14 changed files with 94 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/plugins/voice-call.md
View File

@@ -104,6 +104,7 @@ Notes:
- `mock` is a local dev provider (no network calls).
- `skipSignatureVerification` is for local testing only.
- If you use ngrok free tier, set `publicUrl` to the exact ngrok URL; signature verification is always enforced.
- `tunnel.allowNgrokFreeTierLoopbackBypass: true` allows Twilio webhooks with invalid signatures **only** when `tunnel.provider="ngrok"` and `serve.bind` is loopback (ngrok local agent). Use for local dev only.
- Ngrok free tier URLs can change or add interstitial behavior; if `publicUrl` drifts, Twilio signatures will fail. For production, prefer a stable domain or Tailscale funnel.
## TTS for calls