ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 04:15:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fix API_KEY_ALLOWED_ENDPOINTS

Browse source
This commit is contained in:
Juan Calderon-Perez 2025-04-03 23:52:10 -04:00 committed by GitHub
parent be20e6dec0
commit 1c57e3e02c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
backend/open_webui/utils/auth.py
View file

@ -182,7 +182,11 @@ def get_current_user(
).split(",") ).split(",")
] ]
if request.url.path not in allowed_paths: # Check if the request path matches any allowed endpoint.
if not any(
request.url.path == allowed or request.url.path.startswith(allowed + "/")
for allowed in allowed_paths
):
raise HTTPException( raise HTTPException(
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
) )