sasidhar 61f49ff580 fix: ensure trusted email header matches logged-in user ...

When using trusted email header authentication, verify that the logged-in user's
email matches the value in the header. This prevents session conflicts when the
OAuth server changes the authenticated user.

- Move trusted email verification after user existence check
- Raise 401 if email mismatch is detected
- Only perform verification when WEBUI_AUTH_TRUSTED_EMAIL_HEADER is enabled

2025-06-08 14:16:10 +05:30

..

data

refac: mv backend files to /open_webui dir

2024-09-04 16:54:48 +02:00

open_webui

fix: ensure trusted email header matches logged-in user

2025-06-08 14:16:10 +05:30

.dockerignore

fix: litellm config issue

2024-02-24 22:35:11 -08:00

.gitignore

refac

2024-09-06 04:59:20 +02:00

dev.sh

refac: mv backend files to /open_webui dir

2024-09-04 16:54:48 +02:00

requirements.txt

feat: GZip, Brotli, ZStd compression middleware support

2025-05-26 14:18:29 +04:00

start_windows.bat

refac: web/rag config

2025-04-12 16:33:36 -07:00

start.sh

Fix: Use dynamic Python command to run uvicorn and support pyenv setups.

2025-04-29 09:14:23 +01:00