mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 06:03:26 -05:00
[GH-ISSUE #10225] Bearer token being injected into calls to /api/models and /api/v1/users/user/settings breaking reverse proxy #15816
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @blevz on GitHub (Feb 18, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/10225
Bug Report
Installation Method
Deploying to k8s using the official image v0.5.11
Environment
Confirmation:
Expected Behavior:
Bearer tokens are not injected when trusted headers are in use. Or maybe some other method exists to tell the ui not to inject its own auth when auth is being handled by a reverse proxy.
Actual Behavior:
The jwt injected into the bearer auth header is invalid and nested by my reverse proxy, breaking the ui
Description
Bug Summary:
[Provide a brief but clear summary of the bug]
Reproduction Details
Steps to Reproduce:
[Outline the steps to reproduce the bug. Be as detailed as possible.]
Logs and Screenshots
Browser Console Logs:
[Include relevant browser console logs, if applicable]
Docker Container Logs:
[Include relevant Docker container logs, if applicable]
Screenshots/Screen Recordings (if applicable):
[Attach any relevant screenshots to help illustrate the issue]
Additional Information
[Include any additional details that may help in understanding and reproducing the issue. This could include specific configurations, error messages, or anything else relevant to the bug.]