github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-06-08 10:13:22 -05:00
Code Issues 2.4k Packages Projects Releases 129 Wiki Activity

[PR #21092] [CLOSED] feat: add user info headers support in mcp tool calling. #113236

New Issue
Closed
opened 2026-05-18 13:34:24 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-05-18 13:34:24 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/21092
Author: @notfolder
Created: 2/1/2026
Status: Closed

Base: devHead: feature/dev-add-user-info-mcp-call

📝 Commits (1)

  • c0c95cd feat: add user info headers support in mcp tool calling.

📊 Changes

2 files changed (+18 additions, -0 deletions)

View changed files

📝 backend/open_webui/utils/middleware.py (+9 -0)
📝 backend/open_webui/utils/tools.py (+9 -0)

📄 Description

Pull Request Checklist

Note to first-time contributors

This change was discussed conceptually in advance and is intentionally designed as a small, opt-in, backward-compatible enhancement aligned with existing Open WebUI behavior.

Before submitting, I have confirmed the following:

  • Target branch: This pull request targets the dev branch.
  • Description: A concise and accurate description of the changes is provided below.
  • Changelog: A changelog entry following Keep a Changelog format is included.
  • Documentation: No user-facing documentation updates are required. This change introduces a backend-only, opt-in environment variable.
  • Dependencies: No new dependencies were added.
  • Testing: All changes were manually tested (details below).
  • Agentic AI Code: This PR was written and reviewed by a human. AI assistance, if any, was limited to review and language refinement. All logic, validation, and testing were performed manually.
  • Code review: A self-review was performed to ensure consistency with existing coding standards and patterns.
  • Title Prefix: feat:

Changelog Entry

Description

This pull request introduces an optional mechanism to forward Open WebUI user and chat context as HTTP headers when invoking external tool servers.

Currently, Open WebUI forwards user-related headers (such as user ID and chat ID) when proxying requests to OpenAI-compatible LLM endpoints. However, the same contextual information is not available to external Tool / OpenAPI servers, making it difficult to implement per-user authorization, auditing, rate limiting, or request tracing on the tool side.

This change adds a strictly opt-in, backward-compatible enhancement that allows operators to forward selected Open WebUI context headers to tool servers via an environment variable.

Added

  • Optional forwarding of the following HTTP headers during tool execution:
    • X-OpenWebUI-User-Id
    • X-OpenWebUI-Chat-Id
  • New environment variable to explicitly enable this behavior:
    • ENABLE_FORWARD_USER_INFO_HEADERS_TO_TOOLS

Changed

  • Updated tool execution HTTP request construction in:
    • backend/open_webui/utils/middleware.py
    • backend/open_webui/utils/tools.py
  • Tool execution now conditionally injects user/chat headers only when explicitly enabled.

Deprecated

  • None

Removed

  • None

Fixed

  • N/A

Security

  • This feature is disabled by default.
  • User-related headers are forwarded only when the operator explicitly enables the environment variable.
  • No behavior change occurs for existing installations unless the feature is enabled.
  • This mirrors the existing security model used for OpenAI-compatible proxy requests.

Breaking Changes

  • None
    This change is fully backward-compatible and opt-in.

Additional Information

  • This implementation intentionally mirrors the existing behavior controlled by ENABLE_FORWARD_USER_INFO_HEADERS used in the OpenAI proxy path, ensuring conceptual and operational consistency.
  • The change is strictly limited to the tool execution layer and does not affect:
    • Tool CRUD APIs
    • Frontend behavior
    • Existing tool definitions

Testing

Manual testing was performed as follows:

  1. Configured a local external tool server that logs all incoming HTTP request headers.
  2. Executed tool calls with ENABLE_FORWARD_USER_INFO_HEADERS_TO_TOOLS unset:
    • Verified that no X-OpenWebUI-* headers were forwarded.
  3. Executed tool calls with ENABLE_FORWARD_USER_INFO_HEADERS_TO_TOOLS=true:
    • Verified that X-OpenWebUI-User-Id and X-OpenWebUI-Chat-Id were correctly forwarded.
  4. Confirmed no regressions in existing tool execution behavior when the feature is disabled.

This confirms both correct functionality and backward compatibility.

Screenshots or Videos

  • Not applicable (backend-only change; behavior verified via HTTP request inspection and logs).

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the
Contributor License Agreement (CLA),
and I am providing my contributions under its terms.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/21092 **Author:** [@notfolder](https://github.com/notfolder) **Created:** 2/1/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `feature/dev-add-user-info-mcp-call` --- ### 📝 Commits (1) - [`c0c95cd`](https://github.com/open-webui/open-webui/commit/c0c95cd731030baf967abdec3fba4bbefc6e2850) feat: add user info headers support in mcp tool calling. ### 📊 Changes **2 files changed** (+18 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/middleware.py` (+9 -0) 📝 `backend/open_webui/utils/tools.py` (+9 -0) </details> ### 📄 Description # Pull Request Checklist ### Note to first-time contributors This change was discussed conceptually in advance and is intentionally designed as a small, opt-in, backward-compatible enhancement aligned with existing Open WebUI behavior. **Before submitting, I have confirmed the following:** - [x] **Target branch:** This pull request targets the `dev` branch. - [x] **Description:** A concise and accurate description of the changes is provided below. - [x] **Changelog:** A changelog entry following *Keep a Changelog* format is included. - [x] **Documentation:** No user-facing documentation updates are required. This change introduces a backend-only, opt-in environment variable. - [x] **Dependencies:** No new dependencies were added. - [x] **Testing:** All changes were manually tested (details below). - [x] **Agentic AI Code:** This PR was written and reviewed by a human. AI assistance, if any, was limited to review and language refinement. All logic, validation, and testing were performed manually. - [x] **Code review:** A self-review was performed to ensure consistency with existing coding standards and patterns. - [x] **Title Prefix:** `feat:` --- # Changelog Entry ## Description This pull request introduces an optional mechanism to forward Open WebUI user and chat context as HTTP headers when invoking external tool servers. Currently, Open WebUI forwards user-related headers (such as user ID and chat ID) when proxying requests to OpenAI-compatible LLM endpoints. However, the same contextual information is not available to external Tool / OpenAPI servers, making it difficult to implement per-user authorization, auditing, rate limiting, or request tracing on the tool side. This change adds a strictly opt-in, backward-compatible enhancement that allows operators to forward selected Open WebUI context headers to tool servers via an environment variable. --- ## Added - Optional forwarding of the following HTTP headers during tool execution: - `X-OpenWebUI-User-Id` - `X-OpenWebUI-Chat-Id` - New environment variable to explicitly enable this behavior: - `ENABLE_FORWARD_USER_INFO_HEADERS_TO_TOOLS` --- ## Changed - Updated tool execution HTTP request construction in: - `backend/open_webui/utils/middleware.py` - `backend/open_webui/utils/tools.py` - Tool execution now conditionally injects user/chat headers **only when explicitly enabled**. --- ## Deprecated - None --- ## Removed - None --- ## Fixed - N/A --- ## Security - This feature is **disabled by default**. - User-related headers are forwarded **only** when the operator explicitly enables the environment variable. - No behavior change occurs for existing installations unless the feature is enabled. - This mirrors the existing security model used for OpenAI-compatible proxy requests. --- ## Breaking Changes - None This change is fully backward-compatible and opt-in. --- ## Additional Information - This implementation intentionally mirrors the existing behavior controlled by `ENABLE_FORWARD_USER_INFO_HEADERS` used in the OpenAI proxy path, ensuring conceptual and operational consistency. - The change is strictly limited to the tool execution layer and does **not** affect: - Tool CRUD APIs - Frontend behavior - Existing tool definitions --- ## Testing Manual testing was performed as follows: 1. Configured a local external tool server that logs all incoming HTTP request headers. 2. Executed tool calls with `ENABLE_FORWARD_USER_INFO_HEADERS_TO_TOOLS` **unset**: - Verified that no `X-OpenWebUI-*` headers were forwarded. 3. Executed tool calls with `ENABLE_FORWARD_USER_INFO_HEADERS_TO_TOOLS=true`: - Verified that `X-OpenWebUI-User-Id` and `X-OpenWebUI-Chat-Id` were correctly forwarded. 4. Confirmed no regressions in existing tool execution behavior when the feature is disabled. This confirms both correct functionality and backward compatibility. --- ## Screenshots or Videos - Not applicable (backend-only change; behavior verified via HTTP request inspection and logs). --- ## Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-18 13:34:24 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#113236
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?