github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-08 12:58:11 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #14032] issue: Logging Backend Config for no apparent reason #17114

New Issue
Closed
opened 2026-04-19 22:52:22 -05:00 by GiteaMirror · 1 comment
GiteaMirror commented 2026-04-19 22:52:22 -05:00
Owner
Copy Link

Originally created by @MariusWilsch on GitHub (May 19, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/14032

Check Existing Issues

  • I have searched the existing issues and discussions.
  • I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

0.6.9

Ollama Version (if applicable)

N/A

Operating System

Ubuntu 22.04

Browser (if applicable)

Arc

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have listed steps to reproduce the bug in detail.

Expected Behavior

No logging of backend config to browser console.

Actual Behavior

The backend config is being logged to the browser console, exposing sensitive configuration data that should not be visible to users. The following code in the frontend is causing the issue:

let backendConfig = null;
try {
    backendConfig = await getBackendConfig();
    console.log('Backend config:', backendConfig);
} catch (error) {
    console.error('Error loading backend config:', error);
}

Setting GLOBAL_LOG_LEVEL to WARNING or CRITICAL does not affect frontend logging behavior.

Steps to Reproduce

  1. Deploy OpenWebUI v0.6.9 using Docker
  2. Open browser and navigate to the OpenWebUI URL
  3. Open developer tools (F12) and check the console
  4. Observe backend configuration being printed to console on every page load/auth redirect

Logs & Screenshots

Backend config: 
{status: true, name: 'Open WebUI', version: '0.6.9', default_locale: '', oauth: {…}, …}

Security Concern

This exposes potentially sensitive configuration details to anyone who opens the browser console, which presents a security risk.

Originally created by @MariusWilsch on GitHub (May 19, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/14032 ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version 0.6.9 ### Ollama Version (if applicable) N/A ### Operating System Ubuntu 22.04 ### Browser (if applicable) Arc ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have listed steps to reproduce the bug in detail. ### Expected Behavior No logging of backend config to browser console. ### Actual Behavior The backend config is being logged to the browser console, exposing sensitive configuration data that should not be visible to users. The following code in the frontend is causing the issue: ```js let backendConfig = null; try { backendConfig = await getBackendConfig(); console.log('Backend config:', backendConfig); } catch (error) { console.error('Error loading backend config:', error); } ``` Setting `GLOBAL_LOG_LEVEL` to `WARNING` or `CRITICAL` does not affect frontend logging behavior. ### Steps to Reproduce 1. Deploy OpenWebUI v0.6.9 using Docker 2. Open browser and navigate to the OpenWebUI URL 3. Open developer tools (F12) and check the console 4. Observe backend configuration being printed to console on every page load/auth redirect ### Logs & Screenshots ``` Backend config: {status: true, name: 'Open WebUI', version: '0.6.9', default_locale: '', oauth: {…}, …} ``` ### Security Concern This exposes potentially sensitive configuration details to anyone who opens the browser console, which presents a security risk.
GiteaMirror added the bug label 2026-04-19 22:52:22 -05:00
GiteaMirror commented 2026-04-19 22:52:24 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (May 19, 2025):

Intended behaviour and is not a security concern.

<!-- gh-comment-id:2890447471 --> @tjbck commented on GitHub (May 19, 2025): Intended behaviour and is not a security concern.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#17114
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?