OpenWebUI/open-webui-custom
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: don't over quote forwarded headers

Browse Source 
Fix introduced on #15035 is over quoting headers.

Eg mails instead of user@example.com shown as user%40example.com
Eg names instead of First Last shown as First%20Last

Also we are spending some time quoting ids and roles without required.

Keep quote only on user name, initially had problem based on the discussion
https://github.com/open-webui/open-webui/discussions/14391

Also add space in safe characters, in order remove %20 from names.
This commit is contained in:
Athanasios Oikonomou
2025-07-10 22:00:14 +03:00
committed by Athanasios Oikonomou
parent 1f641ce1fb
commit 96758176cc
5 changed files with 84 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
backend/open_webui/retrieval/utils.py
View File

@@ -727,10 +727,10 @@ def generate_openai_batch_embeddings(
"Authorization": f"Bearer {key}",
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -776,10 +776,10 @@ def generate_azure_openai_batch_embeddings(
"api-key": key,
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -826,10 +826,10 @@ def generate_ollama_batch_embeddings(
"Authorization": f"Bearer {key}",
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS
else {}

8
backend/open_webui/routers/audio.py
View File

@@ -345,10 +345,10 @@ async def speech(request: Request, user=Depends(get_verified_user)):
"Authorization": f"Bearer {request.app.state.config.TTS_OPENAI_API_KEY}",
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS
else {}

8
backend/open_webui/routers/images.py
View File

@@ -499,10 +499,10 @@ async def image_generations(
headers["Content-Type"] = "application/json"
if ENABLE_FORWARD_USER_INFO_HEADERS:
headers["X-OpenWebUI-User-Name"] = quote(user.name)
headers["X-OpenWebUI-User-Id"] = quote(user.id)
headers["X-OpenWebUI-User-Email"] = quote(user.email)
headers["X-OpenWebUI-User-Role"] = quote(user.role)
headers["X-OpenWebUI-User-Name"] = quote(user.name, safe=" ")
headers["X-OpenWebUI-User-Id"] = user.id
headers["X-OpenWebUI-User-Email"] = user.email
headers["X-OpenWebUI-User-Role"] = user.role
data = {
"model": (

72
backend/open_webui/routers/ollama.py
View File

@@ -89,10 +89,10 @@ async def send_get_request(url, key=None, user: UserModel = None):
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -140,10 +140,10 @@ async def send_post_request(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -244,10 +244,10 @@ async def verify_connection(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -464,10 +464,10 @@ async def get_ollama_tags(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -834,10 +834,10 @@ async def copy_model(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -905,10 +905,10 @@ async def delete_model(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -969,10 +969,10 @@ async def show_model_info(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -1056,10 +1056,10 @@ async def embed(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -1143,10 +1143,10 @@ async def embeddings(
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}

56
backend/open_webui/routers/openai.py
View File

@@ -67,10 +67,10 @@ async def send_get_request(url, key=None, user: UserModel = None):
**({"Authorization": f"Bearer {key}"} if key else {}),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -226,10 +226,10 @@ async def speech(request: Request, user=Depends(get_verified_user)):
),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS
else {}
@@ -479,10 +479,10 @@ async def get_models(
"Content-Type": "application/json",
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS
else {}
@@ -574,10 +574,10 @@ async def verify_connection(
"Content-Type": "application/json",
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS
else {}
@@ -818,10 +818,10 @@ async def generate_chat_completion(
),
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS
else {}
@@ -936,10 +936,10 @@ async def embeddings(request: Request, form_data: dict, user):
"Content-Type": "application/json",
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS and user
else {}
@@ -1008,10 +1008,10 @@ async def proxy(path: str, request: Request, user=Depends(get_verified_user)):
"Content-Type": "application/json",
**(
{
"X-OpenWebUI-User-Name": quote(user.name),
"X-OpenWebUI-User-Id": quote(user.id),
"X-OpenWebUI-User-Email": quote(user.email),
"X-OpenWebUI-User-Role": quote(user.role),
"X-OpenWebUI-User-Name": quote(user.name, safe=" "),
"X-OpenWebUI-User-Id": user.id,
"X-OpenWebUI-User-Email": user.email,
"X-OpenWebUI-User-Role": user.role,
}
if ENABLE_FORWARD_USER_INFO_HEADERS
else {}