From 1c57e3e02c11fdc606988dea2e188dbf8cd59c63 Mon Sep 17 00:00:00 2001
From: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Date: Thu, 3 Apr 2025 23:52:10 -0400
Subject: [PATCH] Fix API_KEY_ALLOWED_ENDPOINTS

---
 backend/open_webui/utils/auth.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/backend/open_webui/utils/auth.py b/backend/open_webui/utils/auth.py
index 54ad6a0bf..f3979fc35 100644
--- a/backend/open_webui/utils/auth.py
+++ b/backend/open_webui/utils/auth.py
@@ -182,7 +182,11 @@ def get_current_user(
                 ).split(",")
             ]
 
-            if request.url.path not in allowed_paths:
+            # Check if the request path matches any allowed endpoint.
+            if not any(
+                request.url.path == allowed or request.url.path.startswith(allowed + "/")
+                for allowed in allowed_paths
+            ):
                 raise HTTPException(
                     status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
                 )