February 24, 2026

OpenClaw - Gateway Token on Localhost

Why this happens and what it means for security

unauthorized: gateway token missing (open the dashboard URL and paste the token in Control UI settings) http://127.0.0.1:18789/

The error appears because the Dashboard gateway expects a valid token, but you opened a plain local URL that does not include the token.

When you open this address

http://127.0.0.1:18789/

you are only opening the local web page. The gateway still needs proof that the client is allowed to connect. In OpenClaw, that proof is the gateway token.

So the problem is not that localhost is broken. The problem is that the connection is missing the required token.

This is actually a security feature, and yes, it does make localhost usage safer.

Localhost feels private, but it is not the same as fully trusted. A token check helps in cases like these:

  1. You accidentally expose the port through a tunnel, proxy, or container setting.

  2. Another local app or browser session tries to connect.

  3. You copy only the base URL and forget the token part.

  4. The Control UI opens without a saved token.

In other words, OpenClaw is using a token as an extra lock, even for local access. That is a good design because it reduces risk from accidental exposure.
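A check for case 1 in the list above, as an added example that is not from the OpenClaw project: it classifies every listener on the gateway port as loopback-only or reachable from other hosts. It assumes a Linux host with `ss` (iproute2) and the port 18789 from the URL on this page; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not OpenClaw code). Reads `ss -H -ltn` style lines on stdin,
# where column 4 is "Local Address:Port", and reports listeners on one port.
# Exit status is 1 if any listener is bound to a non-loopback address.
classify_listeners() {
    awk -v port="$1" '
        {
            local_addr = $4
            # Split at the last colon, because IPv6 addresses contain colons.
            n = match(local_addr, /:[0-9]+$/)
            if (n == 0) next
            addr = substr(local_addr, 1, n - 1)
            p = substr(local_addr, n + 1)
            if (p != port) next
            gsub(/^\[|\]$/, "", addr)   # [::1] -> ::1
            sub(/%.*$/, "", addr)       # drop an interface scope such as %lo
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./)
                print "loopback " addr
            else {
                print "exposed " addr   # 0.0.0.0, *, ::, or a LAN address
                exposed = 1
            }
        }
        END { exit exposed ? 1 : 0 }
    '
}

# Live check on this machine; the default port is the one in the page URL.
check_gateway_port() {
    ss -H -ltn 2>/dev/null | classify_listeners "${1:-18789}"
}

# Constructed sample input (not captured from a real host).
SAMPLE_LOOPBACK='LISTEN 0      511        127.0.0.1:18789      0.0.0.0:*
LISTEN 0      511            [::1]:18789         [::]:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0      511          0.0.0.0:18789      0.0.0.0:*'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listeners 18789
printf '%s\n' "$SAMPLE_EXPOSED" | classify_listeners 18789 ||
    echo "gateway port is reachable beyond loopback; the token is the only barrier"
```

A container port mapping or a tunnel client can still expose a loopback-bound port without changing what `ss` shows for the gateway process, so check those settings separately.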

What you should do

Follow these steps exactly.

  1. Run this on the machine where OpenClaw is running.

openclaw dashboard --no-open

  2. Copy the full link that it prints.
    It will include #token=...

  3. Open that full link in your browser, or paste the token into the Control UI Token field and click Connect.

  4. If it still fails, generate a new token and paste it again.

openclaw doctor --generate-gateway-token

Key point

Your local address is fine, but the token is required.
So this error is expected behavior, and it is part of the security setup, not a sign that something is wrong with localhost itself.

----

OpenClaw and the lobster logo are trademarks of their respective owners. This blog is an independent guide and is not affiliated with or endorsed by the OpenClaw project. 
