OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-05-18 20:31:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Fix API_KEY_ALLOWED_ENDPOINTS

Browse Source
This commit is contained in:
Juan Calderon-Perez 2025-04-03 23:52:10 -04:00 committed by GitHub
parent be20e6dec0
commit 1c57e3e02c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/open_webui/utils/auth.py
View File

@ -182,7 +182,11 @@ def get_current_user(
).split(",")
]
if request.url.path not in allowed_paths:
# Check if the request path matches any allowed endpoint.
if not any(
request.url.path == allowed or request.url.path.startswith(allowed + "/")
for allowed in allowed_paths
):
raise HTTPException(
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
)