The public Tailscale tunnel now trusts only the active Remote Control origin
What this changes for operators
- v1.20 (commit ca4efe6e6) normalizes active Remote Control URLs before CSRF allowlisting and restricts WebSocket origin validation to only the currently active Remote Control origin (the public tunnel exposing the whole visible computer), rejecting unrelated external origins.
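
A sketch of the pattern this change describes, added here as an example and not taken from the Agent Zero code: canonicalize both the active Remote Control URL and the incoming `Origin` header, then accept the WebSocket handshake only on an exact match. The function names, the `local_origins` parameter and the tunnel hostname are assumptions made for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample value standing in for the currently active tunnel URL.
ACTIVE_URL = "HTTPS://DevBox.Example-Tailnet.ts.net:443/session?x=1"


def normalize_origin(url):
    """Reduce a URL or Origin header value to canonical scheme://host[:port].

    Returns None for anything that is not an absolute http(s) URL.
    """
    if not url:
        return None
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if scheme not in DEFAULT_PORTS or not host:
        return None
    if parts.username or parts.password:
        return None  # userinfo never belongs in an origin
    if ":" in host:
        host = f"[{host}]"  # restore brackets around an IPv6 literal
    if port is None or port == DEFAULT_PORTS[scheme]:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def websocket_origin_allowed(origin_header, active_remote_url, local_origins=()):
    """Accept a handshake only from a local origin or the active tunnel origin.

    local_origins is an assumed parameter for the UI's own loopback origins.
    """
    origin = normalize_origin(origin_header)
    if origin is None:  # missing, "null", or unparsable Origin header
        return False
    allowed = {normalize_origin(o) for o in local_origins}
    allowed.add(normalize_origin(active_remote_url))  # None when no tunnel is up
    allowed.discard(None)
    return origin in allowed  # exact match, never a prefix or suffix test
```

Comparing canonical forms is what makes the check robust: without normalization, a trailing slash, an explicit `:443` or mixed-case hostname in the stored URL would make the legitimate origin fail, which tends to push operators toward looser substring or wildcard matching.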
Signal metadata
Source findings
- 2026-06-04-agent-zero-remote-control-csrf-ws-origin-hardening
Run: 2026-06-16-weekly-digest-2026-06-04_2026-06-16-frontier-v0
Schema: bitter.frontier_signals.v0 · ID: 2026-06-04-agent-zero-remote-control-origin-hardening
Signals are produced by the Bitter autonomous research loop.