ti.sil/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-12 04:15:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Merge pull request #16295 from Jakobu5/cors-custom-scheme-patch

Browse source 
feat: add custom cors scheme option
This commit is contained in:
Tim Jaeryang Baek 2025-08-05 20:03:32 +04:00 committed by GitHub
commit f81964b412
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
backend/open_webui/config.py
View file

@ -1366,10 +1366,11 @@ if THREAD_POOL_SIZE is not None and isinstance(THREAD_POOL_SIZE, str):
def validate_cors_origin(origin): def validate_cors_origin(origin):
parsed_url = urlparse(origin) parsed_url = urlparse(origin)
# Check if the scheme is either http or https # Check if the scheme is either http or https, or a custom scheme
if parsed_url.scheme not in ["http", "https"]: schemes = ["http", "https" ] + CORS_ALLOW_CUSTOM_SCHEME
if parsed_url.scheme not in schemes:
raise ValueError( raise ValueError(
f"Invalid scheme in CORS_ALLOW_ORIGIN: '{origin}'. Only 'http' and 'https' are allowed." f"Invalid scheme in CORS_ALLOW_ORIGIN: '{origin}'. Only 'http' and 'https' and CORS_ALLOW_CUSTOM_SCHEME are allowed."
) )
# Ensure that the netloc (domain + port) is present, indicating it's a valid URL # Ensure that the netloc (domain + port) is present, indicating it's a valid URL
@ -1384,6 +1385,11 @@ def validate_cors_origin(origin):
# in your .env file depending on your frontend port, 5173 in this case. # in your .env file depending on your frontend port, 5173 in this case.
CORS_ALLOW_ORIGIN = os.environ.get("CORS_ALLOW_ORIGIN", "*").split(";") CORS_ALLOW_ORIGIN = os.environ.get("CORS_ALLOW_ORIGIN", "*").split(";")
# Allows custom URL schemes (e.g., app://) to be used as origins for CORS.
# Useful for local development or desktop clients with schemes like app:// or other custom protocols.
# Provide a semicolon-separated list of allowed schemes in the environment variable CORS_ALLOW_CUSTOM_SCHEMES.
CORS_ALLOW_CUSTOM_SCHEME = os.environ.get("CORS_ALLOW_CUSTOM_SCHEME", "").split(";")
if CORS_ALLOW_ORIGIN == ["*"]: if CORS_ALLOW_ORIGIN == ["*"]:
log.warning( log.warning(
"\n\nWARNING: CORS_ALLOW_ORIGIN IS SET TO '*' - NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS.\n" "\n\nWARNING: CORS_ALLOW_ORIGIN IS SET TO '*' - NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS.\n"