mirror of
https://github.com/open-webui/open-webui
synced 2025-05-02 20:11:56 +00:00
412923dc91
Introducing two new env config options to control cookies settings regarding authentication. These values are taken into use when setting 'token' and 'oauth_id_token'. To maintain backwards compatibility, the original session cookie values are used as fallback. Separation is done to prevent issues with the session cookie. When the config value was set as 'strict', the oauth flow was broken (since the session cookie was not provided after the callback). Providing a separate config for auth & session cookies allows us to keep the 'strict' settings for auth related cookies, while also allowing the session cookie to behave as intended (e.g., by configuring it as 'lax'). The original config was added in commit #af4f8aa. However a later commit #a2e889c reused this config option for other type of cookies, which was not the original intent. |
||
|---|---|---|
| .. | ||
| images | ||
| access_control.py | ||
| auth.py | ||
| chat.py | ||
| middleware.py | ||
| misc.py | ||
| models.py | ||
| oauth.py | ||
| payload.py | ||
| pdf_generator.py | ||
| plugin.py | ||
| response.py | ||
| security_headers.py | ||
| task.py | ||
| tools.py | ||
| webhook.py | ||