Mirrors/open-webui
1
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2025-12-16 20:07:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix API_KEY_ALLOWED_ENDPOINTS

Browse Source
This commit is contained in:
Juan Calderon-Perez
2025-04-03 23:52:10 -04:00
committed by GitHub
parent be20e6dec0
commit 1c57e3e02c
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
backend/open_webui/utils/auth.py
View File

@@ -182,7 +182,11 @@ def get_current_user(
).split(",") ).split(",")
] ]
if request.url.path not in allowed_paths: # Check if the request path matches any allowed endpoint.
if not any(
request.url.path == allowed or request.url.path.startswith(allowed + "/")
for allowed in allowed_paths
):
raise HTTPException( raise HTTPException(
status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED status.HTTP_403_FORBIDDEN, detail=ERROR_MESSAGES.API_KEY_NOT_ALLOWED
) )