Summary
Goose Desktop's remote connection feature cannot connect to an external goosed server running on a non-localhost host due to two conflicting restrictions:
- setCertificateVerifyProc and certificate-error handler reject self-signed certificates for non-localhost hosts (main.ts)
- Content Security Policy (connect-src 'self' http://127.0.0.1:* https:) blocks plain HTTP to non-localhost hosts
This creates a catch-22: HTTPS is rejected (self-signed cert on remote host), and HTTP is rejected (CSP violation).
Steps to reproduce
- Run goosed agent on a remote server with GOOSE_SERVER__SECRET_KEY set
- Expose it via a TCP passthrough gateway (e.g. https://remote-host:12604)
- In Goose Desktop, go to Settings > Remote Connection
- Enter the remote URL and secret key
- Connection fails with "Could not connect to external backend"
Expected behavior
Goose Desktop should be able to connect to a remote goosed server, which is the purpose of the Remote Connection feature and GOOSE_SERVER__SECRET_KEY.
Environment
- Goose Desktop v1.29.1
- goosed v1.29.1
- Remote server behind TCP passthrough gateway
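
The two checks described in the report above, modelled as an added example (this is not code from Goose's main.ts). The CSP matcher is simplified to http/https URLs; SELF_ORIGIN is a placeholder, and the certificate model assumes that certificates which are not self-signed pass normal validation.

```javascript
// Added illustration: which remote URLs survive both checks named in the issue.
const CONNECT_SRC = ["'self'", "http://127.0.0.1:*", "https:"]; // policy quoted in the issue
const SELF_ORIGIN = "http://localhost:5173"; // assumption: placeholder app origin

// A source scheme matches itself; an "http" source also matches the https upgrade.
function schemeMatches(sourceScheme, urlScheme) {
  return sourceScheme === urlScheme || (sourceScheme === "http" && urlScheme === "https");
}

// Simplified connect-src evaluation: 'self', scheme-source, host-source with optional port.
function cspAllowsConnect(rawUrl, sources = CONNECT_SRC, selfOrigin = SELF_ORIGIN) {
  const url = new URL(rawUrl);
  const scheme = url.protocol.slice(0, -1);
  return sources.some((src) => {
    if (src === "'self'") return url.origin === selfOrigin;
    if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) return schemeMatches(src.slice(0, -1), scheme);
    const m = /^([a-z][a-z0-9+.-]*):\/\/([^:/]+)(?::(\*|\d+))?$/i.exec(src);
    if (!m) return false;
    const [, srcScheme, srcHost, srcPort] = m;
    if (!schemeMatches(srcScheme, scheme) || srcHost !== url.hostname) return false;
    if (srcPort === "*") return true;
    const defaultPort = scheme === "https" ? "443" : "80";
    return (url.port || defaultPort) === (srcPort || defaultPort);
  });
}

// Model of the certificate handlers as the issue describes them:
// self-signed certificates are rejected for non-localhost hosts.
function certAccepted(hostname, selfSigned) {
  if (!selfSigned) return true; // assumption: handled by normal chain validation
  return hostname === "localhost" || hostname === "127.0.0.1";
}

// Combine both gates and report which one stops the connection.
function connectionOutcome(rawUrl, selfSigned) {
  const url = new URL(rawUrl);
  if (!cspAllowsConnect(rawUrl)) return "blocked: CSP connect-src";
  if (url.protocol === "https:" && !certAccepted(url.hostname, selfSigned)) {
    return "blocked: certificate rejected";
  }
  return "allowed";
}
```

Under this model the only remote URL that gets through is an HTTPS endpoint whose certificate is not self-signed.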