fix(app): skip url password setting for same-origin server and web app#19923
Merged
Brendonovich merged 3 commits intoanomalyco:devfrom Apr 8, 2026
Merged
fix(app): skip url password setting for same-origin server and web app#19923Brendonovich merged 3 commits intoanomalyco:devfrom
Brendonovich merged 3 commits intoanomalyco:devfrom
Conversation
Contributor
|
The following comment was made by an LLM, it may be inaccurate: Based on my search, I found one potentially related PR: PR #17970: fix(app): don't override browser basic auth on terminal WebSocket This PR appears to address a similar issue - preventing override of browser basic authentication. It's related to the same problem space (handling authentication credentials in the web app), though it specifically focuses on terminal WebSocket whereas PR #19923 addresses same-origin server detection. The other results (PRs #9095, #12000, #18091, #18674, #15866) are less directly related as they address different authentication or connectivity concerns. |
|
opencode version 1.3.7 |
|
linux opencode version 1.3.9 |
|
Solving the problem of accessing the terminal via the web UI in a browser - without editing the source code.
After this, the WSS URL will be generated using the specified username and password. However, in general, using the "opencode" login with an empty password as the default is absolutely wrong. |
5 tasks
NicholasDominici
added a commit
to jairad26/opencode
that referenced
this pull request
Apr 9, 2026
* fix: bump openrouter ai sdk pkg to fix openrouter issues (anomalyco#21242) * chore: update nix node_modules hashes * chore: remove ai-sdk/provider-utils patch and update pkg (anomalyco#21245) * chore: update nix node_modules hashes * chore: bump anthropic ai sdk pkg, delete patch (anomalyco#21247) * refactor(core): add full http proxy and change workspace adaptor interface (anomalyco#21239) * go: add mimo * feat: add --dangerously-skip-permissions flag to opencode run (anomalyco#21266) * chore: update nix node_modules hashes * feat(opencode): Add PDF attachment Drag and Drop (anomalyco#16926) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> * feat(app): show full names on composer attachment chips (anomalyco#21306) * style(app): redesign jump-to-bottom button per figma spec (anomalyco#21313) * Move auto-accept permissions to settings (anomalyco#21308) * go: support coupon * fix(opencode): keep user message variants scoped to model (anomalyco#21332) * chore: generate * chore: update web stats * feat(app): better subagent experience (anomalyco#20708) * refactor(core): support multiple event streams in worker and remove workspaces from plugin api (anomalyco#21348) * fix(tui): use sentence case for theme mode command palette items (anomalyco#21192) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * fix: ensure the alibaba provider errors are retried (anomalyco#21355) * fix(opencode): improve console login transport errors (anomalyco#21350) * chore: generate * feat(tui): allow variant_list keybind for the "Switch model variant" command (anomalyco#21185) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * test: disable GPG signing in test fixtures (anomalyco#20386) * fix(opencode): clear webfetch timeouts on failed fetches (anomalyco#21378) * feat(opencode): add OTLP observability support (anomalyco#21387) * zen: glm5.1 doc * zen: glm5.1 doc * go: glm5.1 * core: refactor tool system to remove agent context from initialization (anomalyco#21052) * refactor(snapshot): store unified patches in file diffs (anomalyco#21244) Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> * chore: generate * release: v1.4.0 * chore: update nix node_modules hashes * fix(tui): simplify console org display (anomalyco#21339) Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> * ui: fix sticky session diffs header (anomalyco#21486) * test: update webfetch test (anomalyco#21398) Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> * fix: ensure that /providers list and shell endpoints are correctly typed in sdk and openapi schema (anomalyco#21543) * fix(app): patch tool diff rendering * fix(app): diff list normalization * fix: dont show invalid variants for BP (anomalyco#21555) * tweak: separate ModelsDev.Model and Config model schemas (anomalyco#21561) * refactor(effect): build task tool from agent services (anomalyco#21017) * fix(app): skip url password setting for same-origin server and web app (anomalyco#19923) * fix: propagate abort signal to inline read tool (anomalyco#21584) * refactor(effect): inline session processor interrupt cleanup (anomalyco#21593) * feat(llm): integrate GitLab DWS tool approval with permission system (anomalyco#19955) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * chore: update nix node_modules hashes * fix(lsp): remove CMakeLists.txt and Makefile from clangd root markers (anomalyco#21466) * Remove CLI from electron app (anomalyco#17803) Co-authored-by: LukeParkerDev <10430890+Hona@users.noreply.github.com> * chore: generate * chore: update nix node_modules hashes * feat: add opencode go upsell modal when limits are hit (anomalyco#21583) Co-authored-by: Frank <frank@anoma.ly> * release: v1.4.1 * app: remove min loading duration (anomalyco#21655) * fix: preserve interrupted bash output in tool results (anomalyco#21598) * fix: preserve text part timing in session processor (anomalyco#21691) * refactor(effect): drop shell abort signals from runner (anomalyco#21599) * refactor: fix tool call state handling and clean up imports (anomalyco#21709) * release: v1.4.2 * feat(mcp): add OAuth redirect URI configuration for MCP servers (anomalyco#21385) Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> * chore: generate * fix(tui): restore hidden session scrollbar default (anomalyco#20947) * feat: add support for fast modes for claude and gpt models (that support it) (anomalyco#21706) * opencode: lazy-load top-level CLI commands The CLI imports every top-level command before argument parsing has decided which handler will run. This makes simple invocations pay for the full command graph up front and slows down the default startup path. Parse the root argv first and load only the command module that matches the selected top-level command. Keep falling back to the default TUI path for non-command positionals, and preserve root help, version and completion handling * delete unused withALS method (anomalyco#21723) * Revert "opencode: lazy-load top-level CLI commands" (anomalyco#21726) * fix(effect): suspend agent default layer construction (anomalyco#21732) --------- Co-authored-by: Aiden Cline <63023139+rekram1-node@users.noreply.github.com> Co-authored-by: opencode-agent[bot] <opencode-agent[bot]@users.noreply.github.com> Co-authored-by: James Long <longster@gmail.com> Co-authored-by: Frank <frank@anoma.ly> Co-authored-by: gitpush-gitpaid <149759805+gitpush-gitpaid@users.noreply.github.com> Co-authored-by: Aiden Cline <aidenpcline@gmail.com> Co-authored-by: Shoubhit Dash <shoubhit2005@gmail.com> Co-authored-by: Dax <mail@thdxr.com> Co-authored-by: Adam <2363879+adamdotdevin@users.noreply.github.com> Co-authored-by: Ariane Emory <97994360+ariane-emory@users.noreply.github.com> Co-authored-by: Kit Langton <kit.langton@gmail.com> Co-authored-by: Kyle Altendorf <sda@fstab.net> Co-authored-by: opencode <opencode@sst.dev> Co-authored-by: Brendan Allan <brendonovich@outlook.com> Co-authored-by: OpeOginni <107570612+OpeOginni@users.noreply.github.com> Co-authored-by: Vladimir Glafirov <vglafirov@gitlab.com> Co-authored-by: Cho HyeonJong <mbin96@gmail.com> Co-authored-by: LukeParkerDev <10430890+Hona@users.noreply.github.com> Co-authored-by: Aleksandr Lossenko <aleksandr.lossenko@gmail.com> Co-authored-by: Simon Klee <hello@simonklee.dk>
timrichardson
pushed a commit
to timrichardson/opencode
that referenced
this pull request
Apr 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #19920
Type of change
What does this PR do?
This PR adds a check to know if the origin of the server and that of the opencode web client is equal. If it is it does not override the already authenticated url instance, since the browser will give the native username and password auth prompt.
How did you verify your code works?
Built and locally served the app’s production bundle, pointed
opencode serveat that local app instance, then verified the web client could connect to and use the sameopencode serveURL.Screenshots / recordings
Screen.Recording.2026-03-29.at.18.05.41.mov
Checklist