Summary

The Chrome extension relay server at port 18792 rejects all authentication attempts with HTTP 401 Unauthorized, regardless of the token configured in gateway.auth.token or passed via x-openclaw-relay-token header.

Steps to reproduce

1. Start OpenClaw gateway with token auth configured
2. Verify gateway token in config: grep '"token"' ~/.openclaw/openclaw.json
3. Test relay endpoint: curl -s -H "x-openclaw-relay-token: " http://127.0.0.1:18792/json/version
4. Result: Unauthorized (HTTP 401)

Expected behavior

The relay should accept the gateway token and return Chrome DevTools Protocol version info, or allow the Chrome extension to connect successfully.

Actual behavior

Always returns HTTP 401 Unauthorized, regardless of:

• Correct token in gateway.auth.token
• Token passed via x-openclaw-relay-token header
• Token passed via Authorization: Bearer header
• Token regenerated and gateway restarted

WebSocket connection to ws://127.0.0.1:18792/extension?token=... also returns 401.

OpenClaw version

2026.2.22-2

Operating system

Linux (Ubuntu)

Install method

npm -g

Logs, screenshots, and evidence

Impact and severity

No response

Additional information

• Gateway itself works fine (ws://127.0.0.1:18789 accepts connections with same token)
• Relay server is listening on port 18792 (returns OK on /)
• The openclaw profile browser works correctly (port 18800)
• Only the chrome profile (extension relay) is broken

Workaround: Use openclaw profile browser instead of Chrome extension relay.