open-webui/backend
sasidhar 61f49ff580 fix: ensure trusted email header matches logged-in user
When using trusted email header authentication, verify that the logged-in user's
email matches the value in the header. This prevents session conflicts when the
OAuth server changes the authenticated user.

- Move trusted email verification after user existence check
- Raise 401 if email mismatch is detected
- Only perform verification when WEBUI_AUTH_TRUSTED_EMAIL_HEADER is enabled
2025-06-08 14:16:10 +05:30
..
data
open_webui fix: ensure trusted email header matches logged-in user 2025-06-08 14:16:10 +05:30
.dockerignore
.gitignore
dev.sh
requirements.txt feat: GZip, Brotli, ZStd compression middleware support 2025-05-26 14:18:29 +04:00
start_windows.bat
start.sh Fix: Use dynamic Python command to run uvicorn and support pyenv setups. 2025-04-29 09:14:23 +01:00