mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-18 02:04:06 -05:00
[PR #24874] [CLOSED] fix: remove duplicate allow_redirects kwarg crashing SafeWebBaseLoader._fetch #131563
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/24874
Author: @offbyonebit
Created: 5/18/2026
Status: ❌ Closed
Base:
main← Head:fix/safe-web-loader-allow-redirects-duplicate-kwarg📝 Commits (1)
e72b771fix: remove duplicate allow_redirects kwarg in SafeWebBaseLoader._fetch📊 Changes
1 file changed (+0 additions, -1 deletions)
View changed files
📝
backend/open_webui/retrieval/web/utils.py(+0 -1)📄 Description
Summary
SafeWebBaseLoader.__init__storesAIOHTTP_CLIENT_ALLOW_REDIRECTSinsideself.requests_kwargs:_fetchthen unpacksself.requests_kwargsand passesallow_redirectsas an explicit keyword argument:Python raises:
Because
continue_on_failure=True, the exception is silently swallowed for every URL. Web search always returns zero sources ("no sources found"), regardless of what SearXNG returns.Fix
Remove the redundant explicit keyword argument from
session.get().AIOHTTP_CLIENT_ALLOW_REDIRECTSis already carried byself.requests_kwargs, so the SSRF redirect-blocking protection added in v0.9.5 (ref: GHSA-rh5x-h6pp-cjj6) is fully preserved.Reproduction
Affected version
v0.9.5 — the duplicate was introduced by the SSRF fix that added
allow_redirectstorequests_kwargs.🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.