openclaw - ✅(Solved) Fix [Bug]: Matrix plugin ignores dangerouslyAllowPrivateNetwork config key, self-hosted LAN homeservers cannot connect [1 pull requests, 1 participants]

openclaw/openclaw#68299, fetched 2026-04-18 05:53:13

The Matrix plugin's createMatrixClient does not accept or forward any SSRF policy parameter, so the channels.matrix.network.dangerouslyAllowPrivateNetwork config key defined in the schema has no effect and connections to homeservers resolving to private IPs fail with "Blocked: resolves to private/internal/special-use IP address".

Root Cause

The SSRF gate raising the error is located in the shared plugin SDK at dist/plugin-sdk/ssrf-*.js, which reads policy?.dangerouslyAllowPrivateNetwork and policy?.allowPrivateNetwork via resolveAllowPrivateNetwork(params.policy). Because the Matrix plugin never passes a policy object through this code path, neither channels.matrix.network.dangerouslyAllowPrivateNetwork nor the per-account accounts.*.network.dangerouslyAllowPrivateNetwork has any effect.

Fix Action

Fix / Workaround

Severity: Blocks workflow. The Matrix channel cannot be used at all when pointed at a self-hosted homeserver on a private network. No config change or documented workaround resolves it; only workarounds that remove the private-IP condition entirely (e.g. exposing the homeserver publicly via a Cloudflare tunnel) restore functionality.

PR fix notes

PR #68332: Matrix: forward dangerouslyAllowPrivateNetwork config to client SSRF policy

Description (problem / solution / changelog)

Fixes #68299

Problem: createMatrixClient ignores the network.dangerouslyAllowPrivateNetwork configuration, so self-hosted Matrix homeservers on private IPs (192.168.x.x, localhost, etc.) are blocked with resolves to private/internal/special-use IP address.

Fix: When no explicit ssrfPolicy is provided, derive it from the allowPrivateNetwork config via ssrfPolicyFromDangerouslyAllowPrivateNetwork(), matching the pattern used by other extensions.

Changes:

  • extensions/matrix/src/matrix/client/create-client.ts: Fall back to ssrfPolicyFromDangerouslyAllowPrivateNetwork(params.allowPrivateNetwork) when ssrfPolicy is not set
  • Added tests verifying the fallback behavior

Changed files

  • CHANGELOG.md (modified, +1/-0)
  • extensions/matrix/src/matrix/client/create-client.test.ts (modified, +55/-0)
  • extensions/matrix/src/matrix/client/create-client.ts (modified, +6/-2)

Code Example

"channels": {
     "matrix": {
       "enabled": true,
       "network": {
         "dangerouslyAllowPrivateNetwork": true
       },
       "accounts": {
         "default": {
           "homeserver": "https://matrix.example.local",
           "accessToken": "<valid token>",
           "network": {
             "dangerouslyAllowPrivateNetwork": true
           }
         }
       }
     }
   }
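A model of the behaviour described above, as an added example that is not OpenClaw's code: an SSRF gate that checks every resolved address, with the call site before and after the fallback the PR describes. All function names are hypothetical; only the two policy keys and the error string come from this page, and the gate handles IPv4 only, rejecting anything it cannot parse.

```javascript
// Added example: hypothetical names; only the policy keys and the error
// string are taken from the page. IPv4 only; unparseable input is rejected.
const SPECIAL_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];

function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
    return null;
  }
  return parts.reduce((n, p) => n * 256 + Number(p), 0);
}

function isSpecialUse(n) {
  return SPECIAL_V4.some(([base, bits]) => {
    const start = ipv4ToInt(base);
    return n >= start && n < start + 2 ** (32 - bits);
  });
}

// The gate: every resolved address must pass, not just the first DNS answer.
function ssrfGate(resolvedIps, policy) {
  const allowPrivate =
    policy?.dangerouslyAllowPrivateNetwork === true || policy?.allowPrivateNetwork === true;
  const bad = (ip) => {
    const n = ipv4ToInt(ip);
    return n === null || (isSpecialUse(n) && !allowPrivate);
  };
  return resolvedIps.length === 0 || resolvedIps.some(bad)
    ? { ok: false, error: "Blocked: resolves to private/internal/special-use IP address" }
    : { ok: true };
}

// Before the fix: the config flag is carried in params but never reaches the gate.
function connectBefore(params, resolvedIps) {
  return ssrfGate(resolvedIps, params.ssrfPolicy);
}

// After the fix: an explicit ssrfPolicy wins; otherwise one is derived from the flag.
function connectAfter(params, resolvedIps) {
  const policy = params.ssrfPolicy ??
    (params.allowPrivateNetwork === true ? { dangerouslyAllowPrivateNetwork: true } : undefined);
  return ssrfGate(resolvedIps, policy);
}
```

With the flag unset the gate stays closed by default, and an explicitly supplied policy is never overridden by the config-derived one.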

---

Bug type

Regression (worked before, now fails)

Beta release blocker

No

Summary

The Matrix plugin's createMatrixClient does not accept or forward any SSRF policy parameter, so the channels.matrix.network.dangerouslyAllowPrivateNetwork config key defined in the schema has no effect and connections to homeservers resolving to private IPs fail with "Blocked: resolves to private/internal/special-use IP address".

Steps to reproduce

  1. Run a Matrix homeserver (e.g. Conduit/Continuwuity/Synapse) at a hostname that resolves to a private IP (RFC1918, loopback, etc.) — for example matrix.example.local → 192.168.x.x or localhost.

  2. In ~/.openclaw/openclaw.json, configure the Matrix channel pointing at that homeserver:

   "channels": {
     "matrix": {
       "enabled": true,
       "network": {
         "dangerouslyAllowPrivateNetwork": true
       },
       "accounts": {
         "default": {
           "homeserver": "https://matrix.example.local",
           "accessToken": "<valid token>",
           "network": {
             "dangerouslyAllowPrivateNetwork": true
           }
         }
       }
     }
   }

  3. Run openclaw doctor — config validates successfully with no schema errors.

  4. Run openclaw gateway restart.

  5. Observe in the dashboard (Channels > Matrix) or openclaw doctor output: Matrix: failed (unknown) - Blocked: resolves to private/internal/special-use IP address

Expected: With dangerouslyAllowPrivateNetwork: true set, the Matrix plugin should connect to the homeserver.

Actual: The plugin blocks the connection regardless of the config value.

Actual behavior

The Matrix plugin fails to connect to homeservers resolving to private IPs regardless of the dangerouslyAllowPrivateNetwork config value. The dashboard (Channels > Matrix) and openclaw doctor report:

Matrix: failed (unknown) - Blocked: resolves to private/internal/special-use IP address

Inspection of the plugin source at extensions/matrix/src/matrix/client/create-client.ts shows that createMatrixClient accepts only homeserver, userId, accessToken, encryption, localTimeoutMs, and accountId — no policy/network/allowPrivateNetwork parameter is accepted or forwarded to the @vector-im/matrix-bot-sdk MatrixClient constructor.

The SSRF gate raising the error is located in the shared plugin SDK at dist/plugin-sdk/ssrf-*.js, which reads policy?.dangerouslyAllowPrivateNetwork and policy?.allowPrivateNetwork via resolveAllowPrivateNetwork(params.policy). Because the Matrix plugin never passes a policy object through this code path, neither channels.matrix.network.dangerouslyAllowPrivateNetwork nor the per-account accounts.*.network.dangerouslyAllowPrivateNetwork has any effect.

Grepping the Matrix extension for dangerouslyAllowPrivateNetwork, allowPrivateNetwork, ssrf, or "resolves to private" returns no matches in non-test source, confirming the plugin has no integration with the SSRF policy layer.

OpenClaw version

2026.4.14 (323493f)

Operating system

MacOS 15.7.3

Install method

npm global

Model

Not relevant

Provider / routing chain

Not relevant

Additional provider/model setup details

No response

Logs, screenshots, and evidence

Impact and severity

Affected users/systems/channels: Self-hosted users running a Matrix homeserver on a private/LAN IP address (RFC1918, loopback, .local, etc.) and configuring the OpenClaw Matrix channel to connect to it. Any homeserver resolving to a non-public IP is affected — whether reached by hostname or IP.

Severity: Blocks workflow. The Matrix channel cannot be used at all when pointed at a self-hosted homeserver on a private network. No config change or documented workaround resolves it; only workarounds that remove the private-IP condition entirely (e.g. exposing the homeserver publicly via a Cloudflare tunnel) restore functionality.

Frequency: Always reproducible. Occurs on every connection attempt regardless of which account or homeserver is configured, as long as DNS resolves to a private-range address.

Consequence: The Matrix channel is fully non-functional for self-hosted Matrix deployments on LAN, which is a primary use case for self-hosted OpenClaw users. Affected users must either expose their homeserver to the public internet (adding infrastructure complexity and attack surface) or abandon the Matrix channel entirely.

Additional information

No response

extent analysis

TL;DR

The Matrix plugin needs to be modified to pass the dangerouslyAllowPrivateNetwork policy to the MatrixClient constructor to allow connections to homeservers with private IPs.

Guidance

  • Modify the createMatrixClient function in extensions/matrix/src/matrix/client/create-client.ts to accept and forward the policy object, including the dangerouslyAllowPrivateNetwork parameter.
  • Update the createMatrixClient function to pass the policy object to the @vector-im/matrix-bot-sdk MatrixClient constructor.
  • Verify that the dangerouslyAllowPrivateNetwork config value is being read and applied correctly by checking the plugin's logs or debugging the createMatrixClient function.
  • Consider adding additional logging or error handling to the plugin to provide more informative error messages when connections to private IPs are blocked.

Example

// extensions/matrix/src/matrix/client/create-client.ts
import { MatrixClient } from '@vector-im/matrix-bot-sdk';

interface CreateMatrixClientOptions {
  homeserver: string;
  userId: string;
  accessToken: string;
  encryption: boolean;
  localTimeoutMs: number;
  accountId: string;
  policy: { dangerouslyAllowPrivateNetwork: boolean }; // Add policy object
}

export function createMatrixClient(options: CreateMatrixClientOptions) {
  const { homeserver, userId, accessToken, encryption, localTimeoutMs, accountId, policy } = options;
  const matrixClient = new MatrixClient(homeserver, {
    userId,
    accessToken,
    encryption,
    localTimeoutMs,
    accountId,
    policy, // Pass policy object to MatrixClient constructor
  });
  return matrixClient;
}

Notes

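The provided solution assumes that the @vector-im/matrix-bot-sdk library supports passing a policy object to the MatrixClient constructor. If this is not the case, additional modifications may be required. Note that the SSRF gate described in the issue lives in the shared plugin SDK and reads params.policy, and the fix described under "PR fix notes" (PR #68332) takes a different route: inside createMatrixClient it falls back to ssrfPolicyFromDangerouslyAllowPrivateNetwork(params.allowPrivateNetwork) when ssrfPolicy is not set, rather than handing a policy object to the MatrixClient constructor.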

Recommendation

Apply the workaround by modifying the createMatrixClient function to pass the policy object to the MatrixClient constructor, as this will allow connections to homeservers with private IPs.
