[PR #24487] [CLOSED] fix: validate redirect targets during RAG web ingestion #131342

Closed
opened 2026-05-21 16:42:54 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/24487
Author: @Dawn-Fighter
Created: 5/9/2026
Status: Closed

Base: mainHead: fix-rag-redirect-ssrf-validation


📝 Commits (1)

  • aadb838 fix: validate redirect targets during RAG web ingestion

📊 Changes

3 files changed (+129 additions, -2 deletions)

View changed files

📝 backend/open_webui/retrieval/utils.py (+2 -2)
📝 backend/open_webui/retrieval/web/utils.py (+49 -0)
backend/open_webui/test/retrieval/web/test_url_validation.py (+78 -0)

📄 Description

Summary

  • Validate each redirect target during requests-based RAG web URL ingestion instead of only validating the initial URL.
  • Route synchronous web-loader and binary-content preflight requests through a safe GET helper.
  • Add regression tests covering public URLs that redirect to private network targets.

Why

Open WebUI already blocks direct private/local URLs when local web fetch is disabled, but requests-based ingestion paths could follow redirects after the initial validation. A public URL could redirect backend ingestion to localhost, private networks, or cloud metadata endpoints.

Tests

  • PYTHONPATH=backend uv run pytest backend/open_webui/test/retrieval/web/test_url_validation.py -q
  • App smoke test: /health and /ready returned 200 {"status":true}

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/24487 **Author:** [@Dawn-Fighter](https://github.com/Dawn-Fighter) **Created:** 5/9/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `fix-rag-redirect-ssrf-validation` --- ### 📝 Commits (1) - [`aadb838`](https://github.com/open-webui/open-webui/commit/aadb838708877d6ec32bd58a5a49e320ab92a53b) fix: validate redirect targets during RAG web ingestion ### 📊 Changes **3 files changed** (+129 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/retrieval/utils.py` (+2 -2) 📝 `backend/open_webui/retrieval/web/utils.py` (+49 -0) ➕ `backend/open_webui/test/retrieval/web/test_url_validation.py` (+78 -0) </details> ### 📄 Description ## Summary - Validate each redirect target during requests-based RAG web URL ingestion instead of only validating the initial URL. - Route synchronous web-loader and binary-content preflight requests through a safe GET helper. - Add regression tests covering public URLs that redirect to private network targets. ## Why Open WebUI already blocks direct private/local URLs when local web fetch is disabled, but requests-based ingestion paths could follow redirects after the initial validation. A public URL could redirect backend ingestion to localhost, private networks, or cloud metadata endpoints. ## Tests - `PYTHONPATH=backend uv run pytest backend/open_webui/test/retrieval/web/test_url_validation.py -q` - App smoke test: `/health` and `/ready` returned `200 {"status":true}` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-05-21 16:42:55 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#131342