From 6c6be5de886f07c64e170b70865b56718d6809f5 Mon Sep 17 00:00:00 2001
From: Ranjan Mohan
Date: Sat, 8 Feb 2025 22:37:24 -0700
Subject: [PATCH] Fixed an issue with clearing application cookies during OAuth signout Closes #8885. During the OAuth signout flow, although the `token` and `oauth_id_token` cookies were marked for deletion, a new RedirectResponse is created and returned. This does not contain the header info from the he Response object used to mark the cookies to be deleted. Hence the cookies remained. Fixed this by re-using the headers from the other Response object.
---
 backend/open_webui/routers/auths.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/backend/open_webui/routers/auths.py b/backend/open_webui/routers/auths.py
index a3f2e8b32..494ba3611 100644
--- a/backend/open_webui/routers/auths.py
+++ b/backend/open_webui/routers/auths.py
@@ -546,6 +546,7 @@ async def signout(request: Request, response: Response):
 if logout_url:
 response.delete_cookie("oauth_id_token")
 return RedirectResponse(
+ headers=response.headers,
 url=f"{logout_url}?id_token_hint={oauth_id_token}"
 )
 else:
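Review bot: Passing `headers=response.headers` into `RedirectResponse` copies every header on the injected response, not just the two `Set-Cookie` deletions, so the redirect now depends on whatever else was set on that object earlier in `signout` (the function body starts and ends outside this hunk). Building the redirect first and clearing the cookies on it keeps the intent explicit: `redirect = RedirectResponse(url=...)`, `redirect.delete_cookie("oauth_id_token")`, `return redirect`, with the `token` cookie cleared the same way. Separately, `oauth_id_token` is interpolated into the query string unencoded on the `url=` line; if that value is read from the request cookie it is client-controlled and should go through `urllib.parse.quote` (or `urlencode`) before it is appended as `id_token_hint`. A regression test asserting that the redirect response carries both cookie deletions would pin the fix for #8885.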