mirror of
https://github.com/open-webui/open-webui
synced 2025-06-26 18:26:48 +00:00
When using trusted email header authentication, verify that the logged-in user's email matches the value in the header. This prevents session conflicts when the OAuth server changes the authenticated user. - Move trusted email verification after user existence check - Raise 401 if email mismatch is detected - Only perform verification when WEBUI_AUTH_TRUSTED_EMAIL_HEADER is enabled |
||
---|---|---|
.. | ||
data | ||
open_webui | ||
.dockerignore | ||
.gitignore | ||
dev.sh | ||
requirements.txt | ||
start_windows.bat | ||
start.sh |