ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 04:15:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #18411 from ricdikulous/feat/websocket-cors-security

Browse source 
feat: add CORS validation to WebSocket connections for defense-in-depth
This commit is contained in:
Tim Baek 2025-10-19 22:44:55 -05:00 committed by GitHub
commit 3984184a82
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
backend/open_webui/socket/main.py
View file

@ -18,6 +18,10 @@ from open_webui.utils.redis import (
get_sentinel_url_from_env, get_sentinel_url_from_env,
) )
from open_webui.config import (
CORS_ALLOW_ORIGIN,
)
from open_webui.env import ( from open_webui.env import (
ENABLE_WEBSOCKET_SUPPORT, ENABLE_WEBSOCKET_SUPPORT,
WEBSOCKET_MANAGER, WEBSOCKET_MANAGER,
@ -58,7 +62,7 @@ if WEBSOCKET_MANAGER == "redis":
else: else:
mgr = socketio.AsyncRedisManager(WEBSOCKET_REDIS_URL) mgr = socketio.AsyncRedisManager(WEBSOCKET_REDIS_URL)
sio = socketio.AsyncServer( sio = socketio.AsyncServer(
cors_allowed_origins=[], cors_allowed_origins=CORS_ALLOW_ORIGIN,
async_mode="asgi", async_mode="asgi",
transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]), transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]),
allow_upgrades=ENABLE_WEBSOCKET_SUPPORT, allow_upgrades=ENABLE_WEBSOCKET_SUPPORT,
@ -67,7 +71,7 @@ if WEBSOCKET_MANAGER == "redis":
) )
else: else:
sio = socketio.AsyncServer( sio = socketio.AsyncServer(
cors_allowed_origins=[], cors_allowed_origins=CORS_ALLOW_ORIGIN,
async_mode="asgi", async_mode="asgi",
transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]), transports=(["websocket"] if ENABLE_WEBSOCKET_SUPPORT else ["polling"]),
allow_upgrades=ENABLE_WEBSOCKET_SUPPORT, allow_upgrades=ENABLE_WEBSOCKET_SUPPORT,