[PR #24817] [CLOSED] fix: prevent redirect-based SSRF in OAuth picture URL fetch #115178

Closed
opened 2026-05-18 16:07:53 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/24817
Author: @Sanaullah-Korai
Created: 5/16/2026
Status: Closed

Base: mainHead: fix/ssrf-redirect-oauth-picture-url


📝 Commits (1)

  • e5d7933 fix: prevent redirect-based SSRF in OAuth picture URL fetch

📊 Changes

1 file changed (+6 additions, -1 deletions)

View changed files

📝 backend/open_webui/utils/oauth.py (+6 -1)

📄 Description

Summary

Add allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS to the session.get() call in _process_picture_url().

Details

The _process_picture_url() method in oauth.py:1457 calls validate_url() to guard against SSRF but does not pass allow_redirects=False to the aiohttp client. This means a URL that passes validate_url() can 302-redirect to an internal address (e.g., 169.254.169.254) and the redirect is followed.

Fix

This matches the existing pattern already used in:

  • OAuth preflight check (oauth.py:744)
  • Image fetch pipeline (images.py:820)
  • Web retrieval pipeline (retrieval/utils.py:189)
  • File processing pipeline (files.py:61-64)

The AIOHTTP_CLIENT_ALLOW_REDIRECTS variable defaults to False and is already imported at line 74 of the same file.

Testing

Verified locally with a redirect server PoC. Without the fix, aiohttp follows a 302 redirect from a public URL to 127.0.0.1:PORT/internal. With the fix, the redirect is correctly blocked.


🤖 Generated with Claude Code


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/24817 **Author:** [@Sanaullah-Korai](https://github.com/Sanaullah-Korai) **Created:** 5/16/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `fix/ssrf-redirect-oauth-picture-url` --- ### 📝 Commits (1) - [`e5d7933`](https://github.com/open-webui/open-webui/commit/e5d79339da7118b0459ad6bfc754dd285416bd6f) fix: prevent redirect-based SSRF in OAuth picture URL fetch ### 📊 Changes **1 file changed** (+6 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/oauth.py` (+6 -1) </details> ### 📄 Description ## Summary Add `allow_redirects=AIOHTTP_CLIENT_ALLOW_REDIRECTS` to the `session.get()` call in `_process_picture_url()`. ## Details The `_process_picture_url()` method in `oauth.py:1457` calls `validate_url()` to guard against SSRF but does not pass `allow_redirects=False` to the aiohttp client. This means a URL that passes `validate_url()` can 302-redirect to an internal address (e.g., `169.254.169.254`) and the redirect is followed. ## Fix This matches the existing pattern already used in: - OAuth preflight check (`oauth.py:744`) - Image fetch pipeline (`images.py:820`) - Web retrieval pipeline (`retrieval/utils.py:189`) - File processing pipeline (`files.py:61-64`) The `AIOHTTP_CLIENT_ALLOW_REDIRECTS` variable defaults to `False` and is already imported at line 74 of the same file. ## Testing Verified locally with a redirect server PoC. Without the fix, aiohttp follows a 302 redirect from a public URL to `127.0.0.1:PORT/internal`. With the fix, the redirect is correctly blocked. --- 🤖 Generated with [Claude Code](https://claude.com/claude-code) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-18 16:07:53 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#115178