fix(security): validate Origin header on WebSocket /run_live endpoint #4943

Closed
luskabolas wants to merge 1 commit into google:main from luskabolas:fix/websocket-origin-validation

luskabolas commented Mar 21, 2026

Summary

  • The /run_live WebSocket endpoint does not validate the Origin header, allowing cross-origin WebSocket connections from any webpage
  • A malicious page can exploit this to upload a crafted agent via /builder/save (CORS-exempt simple POST) and trigger its execution through the WebSocket, achieving remote code execution
  • This PR adds server-side Origin validation on the WebSocket handler, derived from the server's host/port and any user-provided --allow_origins values

Test plan

  • test_ws_rejects_cross_origin — foreign origin is closed with code 1008
  • test_ws_allows_same_origin — server's own origin is not rejected
  • All 45 existing tests pass

The /run_live WebSocket endpoint does not validate the Origin header,
allowing a malicious webpage to establish cross-origin WebSocket
connections to the local dev server. Combined with the ability to
upload agent files via /builder/save (which uses simple POST requests
that bypass CORS preflight), this enables a CSRF-to-RCE attack chain
where an attacker's page can upload a malicious agent and trigger its
execution via WebSocket.

Add server-side Origin validation on the /run_live WebSocket handler.
The allowed origins are derived from the server's host/port and any
user-provided --allow_origins values. This prevents cross-origin
WebSocket hijacking while preserving legitimate same-origin access.
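
An added example, not code from this PR or the ADK project: one way to do the Origin check the description outlines, building the allow-list from the server's host/port plus `--allow_origins` and rejecting with close code 1008. The function names, the loopback aliasing, treating `--allow_origins` entries as literal origins, and accepting a handshake that carries no Origin header are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
POLICY_VIOLATION = 1008  # close code named in the PR's test plan
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def normalize_origin(origin):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    try:
        parts = urlsplit(origin.strip())
        port = parts.port  # ValueError on e.g. "localhost:8000.evil.example"
    except (AttributeError, ValueError):
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # "null", file:// and other opaque origins
    if parts.username or parts.password or parts.query or parts.fragment:
        return None
    if parts.path not in ("", "/"):
        return None  # an origin has no path component
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port  # urlsplit lowercases scheme and host


def build_allowed_origins(host, port, allow_origins=(), scheme="http"):
    """Allow-list from the server's bind address plus operator-supplied origins."""
    host = host.lower()
    # Assumption: a loopback or wildcard bind is reached through the loopback names.
    hosts = LOOPBACK if host in LOOPBACK | {"0.0.0.0", "::"} else {host}
    allowed = {(scheme, h, port) for h in hosts}
    for entry in allow_origins:  # assumption: entries are literal origins
        parsed = normalize_origin(entry)
        if parsed is None:
            raise ValueError(f"invalid allowed origin: {entry!r}")
        allowed.add(parsed)
    return allowed


def check_origin(origin_header, allowed):
    """Return None to accept the handshake, or the close code to reject with."""
    if origin_header is None:
        # Assumption: browsers always send Origin on a WebSocket handshake,
        # so a missing header is treated as a non-browser client.
        return None
    if normalize_origin(origin_header) in allowed:
        return None  # exact tuple match, never prefix or substring matching
    return POLICY_VIOLATION
```

Comparing parsed `(scheme, host, port)` tuples is what keeps look-alike values such as `http://localhost.evil.example:8000` from passing, which a `startswith` or substring check on the raw header would let through.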

google-cla bot commented Mar 21, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

adk-bot added the "web [Component] This issue will be transferred to adk-web" label Mar 21, 2026

adk-bot commented Mar 21, 2026

Response from ADK Triaging Agent

Hello @luskabolas, thank you for creating this PR!

Before we can merge this PR, you'll need to sign our Contributor License Agreement (CLA). You can do so at https://cla.developers.google.com/.

Additionally, this PR is a bug fix. Could you please associate a GitHub issue with this PR? If there is no existing issue, could you please create one?

This information will help us to review your PR more efficiently. Thanks!

luskabolas (Author) commented

@googlebot I signed it.

luskabolas closed this Mar 21, 2026