refac: audit

2026-01-22 16:18:16 -05:00
parent 14e51e0977
commit 86e6b2b68b
1 changed files with 2 additions and 1 deletions
--- a/backend/open_webui/utils/audit.py
+++ b/backend/open_webui/utils/audit.py
@@ -221,7 +221,8 @@ class AuditLoggingMiddleware:
                return False  # Do NOT skip logging for auth endpoints

        # Skip logging if the request is not authenticated
-        if not request.headers.get("authorization"):
+        # Check both Authorization header (API keys) and token cookie (browser sessions)
+        if not request.headers.get("authorization") and not request.cookies.get("token"):
            return True

        # match either /api/<resource>/...(for the endpoint /api/chat case) or /api/v1/<resource>/...