ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-11 20:05:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #18411 from ricdikulous/feat/websocket-cors-security

Browse source 
feat: add CORS validation to WebSocket connections for defense-in-depth
This commit is contained in:
Tim Baek 2025-10-19 22:44:55 -05:00 committed by GitHub
commit 3984184a82
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
backend/open_webui/socket/main.py
View file

@ -18,6 +18,10 @@ from open_webui.utils.redis import (
get_sentinel_url_from_env,
)
from open_webui.config import (
CORS_ALLOW_ORIGIN,
)
from open_webui.env import (
ENABLE_WEBSOCKET_SUPPORT,
WEBSOCKET_MANAGER,
@ -58,7 +62,7 @@ if WEBSOCKET_MANAGER == "redis":
else:
mgr = socketio.AsyncRedisManager(WEBSOCKET_REDIS_URL)
sio = socketio.AsyncServer(
cors_allowed_origins=[],
cors_allowed_origins=CORS_ALLOW_ORIGIN,
async_mode="asgi",
transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]),
allow_upgrades=ENABLE_WEBSOCKET_SUPPORT,
@ -67,7 +71,7 @@ if WEBSOCKET_MANAGER == "redis":
)
else:
sio = socketio.AsyncServer(
cors_allowed_origins=[],
cors_allowed_origins=CORS_ALLOW_ORIGIN,
async_mode="asgi",
transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]),
allow_upgrades=ENABLE_WEBSOCKET_SUPPORT,