From 2d627966161e7bfa652fbce9024b3f69510ed133 Mon Sep 17 00:00:00 2001
From: Gary Meng <guozao.m@gmail.com>
Date: Wed, 3 Sep 2025 13:20:43 +0400
Subject: [PATCH] Allow user get /api/config with auth header

---
 backend/open_webui/main.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/backend/open_webui/main.py b/backend/open_webui/main.py
index d24bd5dcf1..91798b555e 100644
--- a/backend/open_webui/main.py
+++ b/backend/open_webui/main.py
@@ -1642,8 +1642,18 @@ async def list_tasks_by_chat_id_endpoint(
 @app.get("/api/config")
 async def get_app_config(request: Request):
     user = None
-    if "token" in request.cookies:
+    token = None
+
+    auth_header = request.headers.get("Authorization")
+    if auth_header:
+        cred = get_http_authorization_cred(auth_header)
+        if cred:
+            token = cred.credentials
+
+    if not token and "token" in request.cookies:
         token = request.cookies.get("token")
+
+    if token:
         try:
             data = decode_token(token)
         except Exception as e: