Fixed an issue with clearing application cookies during OAuth signout

Closes #8885. During the OAuth signout flow, although the `token` and `oauth_id_token` cookies were marked for deletion, a new RedirectResponse is created and returned. This does not contain the header info from the he Response object used to mark the cookies to be deleted. Hence the cookies remained. Fixed this by re-using the headers from the other Response object.
2025-12-15 19:37:47 +01:00 · 2025-02-08 22:37:24 -07:00
parent 0c3ba5123e
commit 6c6be5de88
1 changed files with 1 additions and 0 deletions
--- a/backend/open_webui/routers/auths.py
+++ b/backend/open_webui/routers/auths.py
@@ -546,6 +546,7 @@ async def signout(request: Request, response: Response):
                            if logout_url:
                                response.delete_cookie("oauth_id_token")
                                return RedirectResponse(
+                                    headers=response.headers,
                                    url=f"{logout_url}?id_token_hint={oauth_id_token}"
                                )
                        else: