OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-05-19 12:51:35 +00:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Fix API_KEY_ALLOWED_ENDPOINTS

Browse Source
This commit is contained in:
Juan Calderon-Perez 2025-04-03 23:52:10 -04:00 committed by GitHub
parent be20e6dec0
commit 1c57e3e02c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
backend/open_webui/utils/auth.py
View File

@ -182,7 +182,11 @@ def get_current_user(
).split(",") ).split(",")
] ]
if request.url.path not in allowed_paths: # Check if the request path matches any allowed endpoint.
if not any(
request.url.path == allowed or request.url.path.startswith(allowed + "/")
for allowed in allowed_paths
):
raise HTTPException( raise HTTPException(
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
) )