mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 06:03:26 -05:00
[PR #24817] [CLOSED] fix: prevent redirect-based SSRF in OAuth picture URL fetch #115178
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/24817
Author: @Sanaullah-Korai
Created: 5/16/2026
Status: ❌ Closed
Base:
main← Head:fix/ssrf-redirect-oauth-picture-url📝 Commits (1)
e5d7933fix: prevent redirect-based SSRF in OAuth picture URL fetch📊 Changes
1 file changed (+6 additions, -1 deletions)
View changed files
📝
backend/open_webui/utils/oauth.py(+6 -1)📄 Description
Summary
Add
allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTSto thesession.get()call in_process_picture_url().Details
The
_process_picture_url()method inoauth.py:1457callsvalidate_url()to guard against SSRF but does not passallow_redirects=Falseto the aiohttp client. This means a URL that passesvalidate_url()can 302-redirect to an internal address (e.g.,169.254.169.254) and the redirect is followed.Fix
This matches the existing pattern already used in:
oauth.py:744)images.py:820)retrieval/utils.py:189)files.py:61-64)The
AIOHTTP_CLIENT_ALLOW_REDIRECTSvariable defaults toFalseand is already imported at line 74 of the same file.Testing
Verified locally with a redirect server PoC. Without the fix, aiohttp follows a 302 redirect from a public URL to
127.0.0.1:PORT/internal. With the fix, the redirect is correctly blocked.🤖 Generated with Claude Code
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.