ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 04:15:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

feat: Add CORS validation to WebSocket connections. #18410

Browse source
This commit is contained in:
Richard Watts-Seale 2025-10-18 20:25:45 +11:00
parent 9ae06a3cac
commit 25087e09e6
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
backend/open_webui/socket/main.py
View file

@ -18,6 +18,10 @@ from open_webui.utils.redis import (
get_sentinel_url_from_env, get_sentinel_url_from_env,
) )
from open_webui.config import (
CORS_ALLOW_ORIGIN,
)
from open_webui.env import ( from open_webui.env import (
ENABLE_WEBSOCKET_SUPPORT, ENABLE_WEBSOCKET_SUPPORT,
WEBSOCKET_MANAGER, WEBSOCKET_MANAGER,
@ -58,7 +62,7 @@ if WEBSOCKET_MANAGER == "redis":
else: else:
mgr = socketio.AsyncRedisManager(WEBSOCKET_REDIS_URL) mgr = socketio.AsyncRedisManager(WEBSOCKET_REDIS_URL)
sio = socketio.AsyncServer( sio = socketio.AsyncServer(
cors_allowed_origins=[], cors_allowed_origins=CORS_ALLOW_ORIGIN,
async_mode="asgi", async_mode="asgi",
transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]), transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]),
allow_upgrades=ENABLE_WEBSOCKET_SUPPORT, allow_upgrades=ENABLE_WEBSOCKET_SUPPORT,
@ -67,7 +71,7 @@ if WEBSOCKET_MANAGER == "redis":
) )
else: else:
sio = socketio.AsyncServer( sio = socketio.AsyncServer(
cors_allowed_origins=[], cors_allowed_origins=CORS_ALLOW_ORIGIN,
async_mode="asgi", async_mode="asgi",
transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]), transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]),
allow_upgrades=ENABLE_WEBSOCKET_SUPPORT, allow_upgrades=ENABLE_WEBSOCKET_SUPPORT,