Description
The local daemon HTTP server (running on 127.0.0.1:7070) applies CorsLayer::new().allow_origin(Any) with no authentication on sensitive routes like /api/v1/sql_execute, semantic_search, and hybrid_search.
File: crates/daemon/src/server/server.rs (lines ~158-166)
Current Code
ust let cors = CorsLayer::new() .allow_origin(Any) // any website can cross-origin request the daemon .allow_methods(Any) .allow_headers(Any)
Impact
Any webpage the user has open in their browser can make cross-origin fetch() requests to these endpoints and read all captured screen/activity data. This is a classic localhost CSRF / cross-site data exfiltration attack.
Suggested Fix
- Restrict allowed origins to the Tauri app origin (
tauri://localhost) and http://localhost for dev builds only.
- Alternatively, generate a random secret token at daemon startup (store it in the port file) and require it as a request header, so browser-based cross-origin requests cannot succeed without the token.
Description
The local daemon HTTP server (running on
127.0.0.1:7070) appliesCorsLayer::new().allow_origin(Any)with no authentication on sensitive routes like/api/v1/sql_execute,semantic_search, andhybrid_search.File:
crates/daemon/src/server/server.rs(lines ~158-166)Current Code
ust let cors = CorsLayer::new() .allow_origin(Any) // any website can cross-origin request the daemon .allow_methods(Any) .allow_headers(Any)Impact
Any webpage the user has open in their browser can make cross-origin
fetch()requests to these endpoints and read all captured screen/activity data. This is a classic localhost CSRF / cross-site data exfiltration attack.Suggested Fix
tauri://localhost) andhttp://localhostfor dev builds only.