Merge pull request #14783 from mrexodia/local-dev-fixes

fix: Improve local development setup
2025-12-16 03:47:49 +01:00 · 2025-06-08 18:59:38 +04:00
parent dae4a7088e 5e73fd569d
commit ac4513a773
5 changed files with 23 additions and 13 deletions
--- a/backend/dev.sh
+++ b/backend/dev.sh
@@ -1,2 +1,2 @@
 PORT="${PORT:-8080}"
-uvicorn open_webui.main:app --port $PORT --host 0.0.0.0 --forwarded-allow-ips '*' --reload
+uvicorn open_webui.main:app --port $PORT --host 0.0.0.0 --reload
--- a/backend/open_webui/config.py
+++ b/backend/open_webui/config.py
@@ -1245,12 +1245,6 @@ if THREAD_POOL_SIZE is not None and isinstance(THREAD_POOL_SIZE, str):
        THREAD_POOL_SIZE = None


-def validate_cors_origins(origins):
-    for origin in origins:
-        if origin != "*":
-            validate_cors_origin(origin)
-
-
 def validate_cors_origin(origin):
    parsed_url = urlparse(origin)

@@ -1271,16 +1265,18 @@ def validate_cors_origin(origin):
 # CORS_ALLOW_ORIGIN=http://localhost:5173;http://localhost:8080
 # in your .env file depending on your frontend port, 5173 in this case.
 CORS_ALLOW_ORIGIN = os.environ.get(
-    "CORS_ALLOW_ORIGIN", "*;http://localhost:5173;http://localhost:8080"
+    "CORS_ALLOW_ORIGIN", "*"
 ).split(";")

-if "*" in CORS_ALLOW_ORIGIN:
+if CORS_ALLOW_ORIGIN == ["*"]:
    log.warning(
        "\n\nWARNING: CORS_ALLOW_ORIGIN IS SET TO '*' - NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS.\n"
    )
-
-validate_cors_origins(CORS_ALLOW_ORIGIN)
-
+else:
+    # You have to pick between a single wildcard or a list of origins.
+    # Doing both will result in CORS errors in the browser.
+    for origin in CORS_ALLOW_ORIGIN:
+        validate_cors_origin(origin)

 class BannerModel(BaseModel):
    id: str