From 86e6b2b68b85e958188881785495030de1a30402 Mon Sep 17 00:00:00 2001 From: Tim Baek Date: Thu, 22 Jan 2026 16:18:16 -0500 Subject: [PATCH] refac: audit --- backend/open_webui/utils/audit.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/open_webui/utils/audit.py b/backend/open_webui/utils/audit.py index dc1226a08..73dc140de 100644 --- a/backend/open_webui/utils/audit.py +++ b/backend/open_webui/utils/audit.py @@ -221,7 +221,8 @@ class AuditLoggingMiddleware: return False # Do NOT skip logging for auth endpoints # Skip logging if the request is not authenticated - if not request.headers.get("authorization"): + # Check both Authorization header (API keys) and token cookie (browser sessions) + if not request.headers.get("authorization") and not request.cookies.get("token"): return True # match either /api//...(for the endpoint /api/chat case) or /api/v1//...