PR #62996: fix(slack): preserve auth on same-origin media redirects

• Repository: openclaw/openclaw
• Author: vincentkoc
• State: closed | merged: True
• Link: https://github.com/openclaw/openclaw/pull/62996

Description (problem / solution / changelog)

Summary

• Problem: Slack url_private_download fetches lost Authorization on same-origin files.slack.com redirects, so image attachments degraded into HTML login pages and were dropped.
• Why it matters: Slack agents on current releases silently miss shared image attachments.
• What changed: moved auth into requestInit, kept the guarded fetch wrapper for dispatcher-backed requests, and added regression coverage for same-origin auth preservation plus cross-origin auth stripping.
• What did NOT change (scope boundary): no Slack CDN allowlist expansion, no generic SSRF redirect-policy changes, and no non-Slack media behavior.

Change Type (select all)

• Bug fix
• Feature
• Refactor required for the fix
• Docs
• Security hardening
• Chore/infra

Scope (select all touched areas)

• Gateway / orchestration
• Skills / tool execution
• Auth / tokens
• Memory / storage
• Integrations
• API / contracts
• UI / DX
• CI/CD / infra

Linked Issue/PR

• Closes #62960
• Related #62239
• This PR fixes a bug or regression

Root Cause (if applicable)

• Root cause: extensions/slack/src/monitor/media.ts managed the bearer token outside the shared guarded-fetch redirect flow. It sent auth on the first hop, then unconditionally deleted Authorization on every subsequent hop.
• Missing detection / guardrail: we did not have a regression test covering same-origin Slack redirects through the real resolveSlackMedia path.
• Contributing context (if known): the regression showed up after the SSRF redirect changes in 2026.4.5, but the actual bug was Slack-specific auth handling layered on top of that shared guard.

Regression Test Plan (if applicable)

• Coverage level that should have caught this:
  • Unit test
  • Seam / integration test
  • End-to-end test
  • Existing coverage already sufficient
• Target test or file: extensions/slack/src/monitor/media.test.ts
• Scenario the test should lock in: same-origin files.slack.com redirects keep Authorization; cross-origin Slack CDN redirects strip it.
• Why this is the smallest reliable guardrail: it exercises the real Slack media download path without needing a live Slack workspace.
• Existing test that already covers this (if any): none for the same-origin redirect case.
• If no new test is added, why not: N/A

User-visible / Behavior Changes

Slack image attachments served through url_private_download load again instead of being silently dropped after a login-page redirect.

Diagram (if applicable)

Before:
[Slack image upload] -> [files.slack.com redirect] -> [auth stripped too early] -> [HTML login page] -> [attachment dropped]

After:
[Slack image upload] -> [same-origin redirect keeps auth] -> [cross-origin redirect strips auth] -> [binary media fetched]

Security Impact (required)

• New permissions/capabilities? No
• Secrets/tokens handling changed? Yes
• New/changed network calls? No
• Command/tool execution surface changed? No
• Data access scope changed? No
• If any Yes, explain risk + mitigation: the bearer token now stays attached only on same-origin Slack redirects. Cross-origin redirects still pass through the shared guarded-fetch stripping logic, so we do not widen token exposure beyond Slack's original host.

Repro + Verification

Environment

• OS: macOS host worktree verification
• Runtime/container: local Node 25.8.2 / pnpm 10.32.1
• Model/provider: N/A
• Integration/channel (if any): Slack
• Relevant config (redacted): N/A

Steps

1. Mock a Slack media download that redirects from https://files.slack.com/... to a same-origin path.
2. Verify the second request still carries Authorization.
3. Mock a redirect to https://downloads.slack-edge.com/... and verify auth is stripped there.

Expected

• Same-origin redirects keep the bearer token.
• Cross-origin Slack CDN redirects strip the bearer token.
• resolveSlackMedia returns the saved attachment instead of null.

Actual

• Verified by the new regression tests and the targeted local run below.

Evidence

• Failing test/log before + passing after
• Trace/log snippets
• Screenshot/recording
• Perf numbers (if relevant)

Human Verification (required)

• Verified scenarios: pnpm test extensions/slack/src/monitor/media.test.ts; pnpm build; targeted oxlint and oxfmt --check on the touched files.
• Edge cases checked: same-origin redirect auth preservation, cross-origin redirect auth stripping, dispatcher-backed runtime fetch path.
• What you did not verify: I did not get a clean repo-wide pnpm lint or pnpm test gate because current main has unrelated failures, and the default core sparse profile initially hid ui/, packages/, and OpenClawKit resource paths until I materialized them.

Review Conversations

• I replied to or resolved every bot review conversation I addressed in this PR.
• I left unresolved only the conversations that still need reviewer or maintainer judgment.

Compatibility / Migration

• Backward compatible? Yes
• Config/env changes? No
• Migration needed? No
• If yes, exact upgrade steps: N/A

Risks and Mitigations

• Risk: preserving auth on redirects could accidentally keep tokens on the wrong host if the redirect-origin check were wrong.
  • Mitigation: auth now rides through the shared guarded-fetch flow, which preserves headers only for same-origin redirects and strips them on cross-origin hops.

Changed files

• CHANGELOG.md (modified, +4/-0)
• extensions/slack/src/monitor/media.test.ts (modified, +84/-7)
• extensions/slack/src/monitor/media.ts (modified, +41/-35)