OpenWebUI/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui synced 2025-05-23 22:34:31 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity
412923dc91
open-webui/backend
History
Antti Pyykkönen 412923dc91 feat: separate cookie settings between session & auth cookies 
Introducing two new env config options to control cookies settings regarding
authentication. These values are taken into use when setting 'token' and 'oauth_id_token'.
To maintain backwards compatibility, the original session cookie values are used as
fallback.

Separation is done to prevent issues with the session cookie. When the config value was
set as 'strict', the oauth flow was broken (since the session cookie was not provided
after the callback).

Providing a separate config for auth & session cookies allows us to keep the 'strict'
settings for auth related cookies, while also allowing the session cookie to behave as
intended (e.g., by configuring it as 'lax').

The original config was added in commit #af4f8aa. However a later commit #a2e889c reused
this config option for other type of cookies, which was not the original intent.
2025-01-23 16:16:50 +02:00
..
data refac: mv backend files to /open_webui dir 2024-09-04 16:54:48 +02:00
open_webui feat: separate cookie settings between session & auth cookies 2025-01-23 16:16:50 +02:00
.dockerignore
.gitignore refac 2024-09-06 04:59:20 +02:00
dev.sh refac: mv backend files to /open_webui dir 2024-09-04 16:54:48 +02:00
requirements.txt chore: bump duckduckgo-search 2025-01-22 10:46:57 -08:00
start_windows.bat fix scripts to point to correct path 2024-09-04 20:27:30 +02:00
start.sh refac: mv backend files to /open_webui dir 2024-09-04 16:54:48 +02:00