[PR #24420] [MERGED] fix:image url validation and signout post #131317

Closed
opened 2026-05-21 16:40:17 -05:00 by GiteaMirror · 0 comments
📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/24420
Author: @Classic298
Created: 5/6/2026
Status: Merged
Merged: 5/8/2026
Merged by: @tjbck

Base: dev ← Head: refac/image-url-validation-and-signout-post


📝 Commits (5)

  • 2569aa6 refac(routers): reject external URLs in profile/model image handlers
  • 1e112fe refac(ui): centralize image URL validation in safeImageUrl helper
  • 017fd39 refac(auths): make signout POST-only
  • b0fe9ac Merge branch 'dev' into refac/image-url-validation-and-signout-post
  • e835b48 refac: gate external profile image redirect behind ENABLE_PROFILE_IMAGE_URL_FORWARDING

📊 Changes

9 files changed (+75 additions, -25 deletions)

📝 backend/open_webui/env.py (+13 -0)
📝 backend/open_webui/routers/auths.py (+1 -1)
📝 backend/open_webui/routers/models.py (+10 -5)
📝 backend/open_webui/routers/users.py (+9 -6)
📝 src/lib/apis/auths/index.ts (+1 -1)
📝 src/lib/components/chat/Messages/ProfileImage.svelte (+2 -8)
📝 src/lib/components/common/Image.svelte (+2 -1)
📝 src/lib/components/common/RichTextInput/Image/image.ts (+4 -3)
➕ src/lib/utils/safeImageUrl.ts (+33 -0)

📄 Description

Contributor License Agreement

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2026-05-21 16:40:17 -05:00
Reference: github-starred/open-webui#131317