github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 02:48:13 -05:00
Code Issues 1.1k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #19683] issue: Potential Issues in API Base URL & Key Resolution Logic (Needs Double Check) #18955

New Issue
Closed
opened 2026-04-20 01:14:36 -05:00 by GiteaMirror · 1 comment
GiteaMirror commented 2026-04-20 01:14:36 -05:00
Owner
Copy Link

Originally created by @flefevre on GitHub (Dec 2, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/19683

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

V0.6.40

Ollama Version (if applicable)

No response

Operating System

Ubuntu 22.04

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

Description

There are several areas in the current API configuration code that potentially introduce unexpected behavior. These issues should be double-checked to ensure that environment variables, base URLs, and API keys work as intended.

I am looking at [backend\open_webui\config.py](https://github.com/open-webui/open-webui/blob/main/backend/open_webui/config.py)

1. Base URL might be unintentionally overwritten

At the end of the file, the following line:

OPENAI_API_BASE_URL = "https://api.openai.com/v1"

unconditionally replaces the previously computed value.
This may override:

  • the value from OPENAI_API_BASE_URL
  • the value(s) parsed from OPENAI_API_BASE_URLS
  • user-defined custom endpoints

It’s possible this was not intended and should be double-checked.

2. API key/base URL mapping might silently fail

The mapping logic:

OPENAI_API_KEY = OPENAI_API_KEYS.value[
    OPENAI_API_BASE_URLS.value.index("https://api.openai.com/v1")
]

can raise an exception if the default OpenAI URL is not present in the list.
Because the exception is fully swallowed:

except Exception:
    pass

OPENAI_API_KEY might stay empty without any warning.
This should be reviewed to avoid silent misconfiguration.

3. OPENAI_API_KEY might be overwritten unintentionally

The code resets the key:

OPENAI_API_KEY = ""

even if the user provided a simple OPENAI_API_KEY. If the mapping fails, the effective key becomes an empty string.

This behavior should probably be double-checked.

4. Possible key/base URL desynchronization

Because the base URL is forced back to the default at the end, while the key might have been resolved for a different URL, the final config could potentially become inconsistent.

Actual Behavior

each time when deploying with Kubernetes the value OPENAI_API_KEY and OPENAI_API_BASE_URL are overwritten by the code.

Steps to Reproduce

Here the configuration for our values for kubernetes

Logs & Screenshots

Proposed Fix (Patch Example)

Below is a suggested correction that:

  • avoids overriding values unexpectedly
  • validates mappings
  • preserves the simple OPENAI_API_KEY
  • logs errors instead of swallowing them
# Preserve original env-provided key
_default_api_key = os.environ.get("OPENAI_API_KEY", "")
_default_base_url = os.environ.get("OPENAI_API_BASE_URL", "https://api.openai.com/v1")

# Normalize base URLs
base_urls = os.environ.get("OPENAI_API_BASE_URLS", _default_base_url)
base_urls = [
    url.rstrip("/") if url else "https://api.openai.com/v1"
    for url in base_urls.split(";")
]

OPENAI_API_BASE_URLS = PersistentConfig(
    "OPENAI_API_BASE_URLS", "openai.api_base_urls", base_urls
)

# Load API keys
keys = os.environ.get("OPENAI_API_KEYS", "") or _default_api_key
keys = [k.strip() for k in keys.split(";")]

OPENAI_API_KEYS = PersistentConfig(
    "OPENAI_API_KEYS", "openai.api_keys", keys
)

# Determine active key based on active base URL
try:
    idx = OPENAI_API_BASE_URLS.value.index(_default_base_url)
    OPENAI_API_KEY = OPENAI_API_KEYS.value[idx]
except ValueError:
    # Base URL not found in list → fallback to simple key
    OPENAI_API_KEY = _default_api_key

# Use default or environment value without forced override
OPENAI_API_BASE_URL = _default_base_url

Additional Information

Nothing here is necessarily a confirmed bug, but there are several places where behavior might be unintended, and a double-check is recommended. The proposed patch above aims to make the configuration predictable and robust.

Originally created by @flefevre on GitHub (Dec 2, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/19683 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version V0.6.40 ### Ollama Version (if applicable) _No response_ ### Operating System Ubuntu 22.04 ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior ### **Description** There are several areas in the current API configuration code that *potentially* introduce unexpected behavior. These issues should be double-checked to ensure that environment variables, base URLs, and API keys work as intended. I am looking at [[backend\open_webui\config.py](https://github.com/open-webui/open-webui/blob/main/backend/open_webui/config.py)](https://github.com/open-webui/open-webui/blob/main/backend/open_webui/config.py) --- ## **1. Base URL might be unintentionally overwritten** At the end of the file, the following line: ```python OPENAI_API_BASE_URL = "https://api.openai.com/v1" ``` unconditionally replaces the previously computed value. This *may* override: * the value from `OPENAI_API_BASE_URL` * the value(s) parsed from `OPENAI_API_BASE_URLS` * user-defined custom endpoints It’s possible this was not intended and should be double-checked. --- ## **2. API key/base URL mapping might silently fail** The mapping logic: ```python OPENAI_API_KEY = OPENAI_API_KEYS.value[ OPENAI_API_BASE_URLS.value.index("https://api.openai.com/v1") ] ``` can raise an exception if the default OpenAI URL is not present in the list. Because the exception is fully swallowed: ```python except Exception: pass ``` `OPENAI_API_KEY` *might* stay empty without any warning. This should be reviewed to avoid silent misconfiguration. --- ## **3. `OPENAI_API_KEY` might be overwritten unintentionally** The code resets the key: ```python OPENAI_API_KEY = "" ``` even if the user provided a simple `OPENAI_API_KEY`. If the mapping fails, the effective key becomes an empty string. This behavior should probably be double-checked. --- ## **4. Possible key/base URL desynchronization** Because the base URL is forced back to the default at the end, while the key might have been resolved for a different URL, the final config could potentially become inconsistent. ### Actual Behavior each time when deploying with Kubernetes the value OPENAI_API_KEY and OPENAI_API_BASE_URL are overwritten by the code. ### Steps to Reproduce Here the configuration for our values for kubernetes - name: OPENAI_API_KEY valueFrom: secretKeyRef: name: pipelines-secret key: pipelines_api_key - name: OPENAI_API_KEYS valueFrom: secretKeyRef: name: pipelines-secret key: litellm-api-keys - name: OPENAI_API_BASE_URL value: 'http://mylab-pipelines-openwebui:9099' - name: OPENAI_API_BASE_URLS value: 'http://mylab-pipelines-openwebui:9099;http://mylab-litellm:8989/v1' ### Logs & Screenshots ## ✅ **Proposed Fix (Patch Example)** Below is a suggested correction that: * avoids overriding values unexpectedly * validates mappings * preserves the simple `OPENAI_API_KEY` * logs errors instead of swallowing them ```python # Preserve original env-provided key _default_api_key = os.environ.get("OPENAI_API_KEY", "") _default_base_url = os.environ.get("OPENAI_API_BASE_URL", "https://api.openai.com/v1") # Normalize base URLs base_urls = os.environ.get("OPENAI_API_BASE_URLS", _default_base_url) base_urls = [ url.rstrip("/") if url else "https://api.openai.com/v1" for url in base_urls.split(";") ] OPENAI_API_BASE_URLS = PersistentConfig( "OPENAI_API_BASE_URLS", "openai.api_base_urls", base_urls ) # Load API keys keys = os.environ.get("OPENAI_API_KEYS", "") or _default_api_key keys = [k.strip() for k in keys.split(";")] OPENAI_API_KEYS = PersistentConfig( "OPENAI_API_KEYS", "openai.api_keys", keys ) # Determine active key based on active base URL try: idx = OPENAI_API_BASE_URLS.value.index(_default_base_url) OPENAI_API_KEY = OPENAI_API_KEYS.value[idx] except ValueError: # Base URL not found in list → fallback to simple key OPENAI_API_KEY = _default_api_key # Use default or environment value without forced override OPENAI_API_BASE_URL = _default_base_url ``` ### Additional Information Nothing here is necessarily a confirmed bug, but there are several places where behavior *might* be unintended, and a double-check is recommended. The proposed patch above aims to make the configuration predictable and robust.
GiteaMirror added the bug label 2026-04-20 01:14:36 -05:00
GiteaMirror commented 2026-04-20 01:14:38 -05:00
Author
Owner
Copy Link

@owui-terminator[bot] commented on GitHub (Dec 2, 2025):

🔍 Similar Issues Found

I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions:

  1. #19519 issue: Base64 encoded images included in API responses
    by luke-wren • Nov 26, 2025 • bug

  2. #19563 issue:
    by naruto7g • Nov 28, 2025 • bug

  3. #19211 issue:
    by Byrnes9 • Nov 16, 2025 • bug

  4. #19420 issue: Unable to create new api-keys - 403 forbidden
    by DominikStarke • Nov 24, 2025 • bug

  5. #14908 issue: 401 x-api-key header is required web search
    by deresolution20 • Jun 11, 2025 • bug

Show 5 more related issues

  1. #19260 issue: Elevenlabs TTS API Key appears unobscured in the admin/settings page
    by tomhaynes • Nov 18, 2025 • bug

  2. #19168 issue: SCIM endpoints accessible even when not listed in API_KEY_ALLOWED_ENDPOINTS
    by flefevre • Nov 13, 2025 • bug

  3. #19017 issue: OPENAI_API_CONFIGS and OLLAMA_API_CONFIGS environment variables are not parsed from JSON
    by runixer • Nov 07, 2025 • bug

  4. #19417 issue: v0.6.37 SQL Error
    by AKHYP • Nov 24, 2025 • bug

  5. #17907 issue: API Key rejected for /api/v1/files/ upload despite correct config in v0.6.32
    by sanctimon • Sep 29, 2025 • bug

💡 Tips:

  • If this is a duplicate, please consider closing this issue and adding any additional details to the existing one
  • If you found a solution in any of these issues, please share it here to help others

This comment was generated automatically by a bot. Please react with a 👍 if this comment was helpful, or a 👎 if it was not.

<!-- gh-comment-id:3601570455 --> @owui-terminator[bot] commented on GitHub (Dec 2, 2025): 🔍 **Similar Issues Found** I found some existing issues that might be related to this one. Please check if any of these are duplicates or contain helpful solutions: 1. [#19519](https://github.com/open-webui/open-webui/issues/19519) **issue: Base64 encoded images included in API responses** *by luke-wren • Nov 26, 2025 • `bug`* 2. [#19563](https://github.com/open-webui/open-webui/issues/19563) **issue:** *by naruto7g • Nov 28, 2025 • `bug`* 3. [#19211](https://github.com/open-webui/open-webui/issues/19211) **issue:** *by Byrnes9 • Nov 16, 2025 • `bug`* 4. [#19420](https://github.com/open-webui/open-webui/issues/19420) **issue: Unable to create new api-keys - 403 forbidden** *by DominikStarke • Nov 24, 2025 • `bug`* 5. [#14908](https://github.com/open-webui/open-webui/issues/14908) **issue: 401 x-api-key header is required web search** *by deresolution20 • Jun 11, 2025 • `bug`* <details> <summary>Show 5 more related issues</summary> 6. [#19260](https://github.com/open-webui/open-webui/issues/19260) **issue: Elevenlabs TTS API Key appears unobscured in the admin/settings page** *by tomhaynes • Nov 18, 2025 • `bug`* 7. [#19168](https://github.com/open-webui/open-webui/issues/19168) **issue: SCIM endpoints accessible even when not listed in `API_KEY_ALLOWED_ENDPOINTS`** *by flefevre • Nov 13, 2025 • `bug`* 8. [#19017](https://github.com/open-webui/open-webui/issues/19017) **issue: OPENAI_API_CONFIGS and OLLAMA_API_CONFIGS environment variables are not parsed from JSON** *by runixer • Nov 07, 2025 • `bug`* 9. [#19417](https://github.com/open-webui/open-webui/issues/19417) **issue: v0.6.37 SQL Error** *by AKHYP • Nov 24, 2025 • `bug`* 10. [#17907](https://github.com/open-webui/open-webui/issues/17907) **issue: API Key rejected for /api/v1/files/ upload despite correct config in v0.6.32** *by sanctimon • Sep 29, 2025 • `bug`* </details> --- 💡 **Tips:** - If this is a duplicate, please consider closing this issue and adding any additional details to the existing one - If you found a solution in any of these issues, please share it here to help others *This comment was generated automatically by a bot.* Please react with a 👍 if this comment was helpful, or a 👎 if it was not.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#18955
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?