[PR #21889] [CLOSED] feat: add Zaps Privacy Filter for OpenAI connections #26325

Closed
opened 2026-04-20 06:26:23 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/21889
Author: @argosautomation
Created: 2/26/2026
Status: Closed

Base: mainHead: feat/zaps-privacy-filter


📝 Commits (1)

  • 98848e7 feat: add Zaps Privacy Filter for OpenAI connections

📊 Changes

3 files changed (+68 additions, -9 deletions)

View changed files

📝 backend/open_webui/config.py (+12 -0)
📝 backend/open_webui/routers/openai.py (+36 -9)
📝 src/lib/components/admin/Settings/Connections.svelte (+20 -0)

📄 Description

Summary

Adds a Privacy Filter toggle to the OpenAI connection settings that routes all OpenAI-compatible requests through a Zaps.ai privacy gateway for automatic PII redaction and rehydration.

When enabled, all outgoing requests to OpenAI providers are transparently redirected to the configured Zaps URL. Zaps handles PII scrubbing before forwarding to the actual upstream provider, and rehydrates PII in responses.

Changes

Backend

  • config.py: Added ENABLE_ZAPS_PRIVACY_FILTER and ZAPS_API_BASE_URL persistent configurations
  • routers/openai.py: Added get_target_url() helper that conditionally redirects URLs when the filter is enabled. Applied to all OpenAI endpoints (chat completions, embeddings, models, responses, proxy)

Frontend

  • Connections.svelte: Added "Privacy Filter (Zaps)" toggle under the OpenAI API section with descriptive text

Configuration

Setting Env Var Default
Enable Privacy Filter ENABLE_ZAPS_PRIVACY_FILTER false
Zaps API Base URL ZAPS_API_BASE_URL http://localhost:3000

Both are also configurable through the admin UI.

How It Works

  1. Admin enables "Privacy Filter (Zaps)" in Settings → Connections
  2. All OpenAI API requests are intercepted by get_target_url()
  3. Requests are redirected to the Zaps gateway URL
  4. Zaps redacts PII, forwards to the upstream provider, and rehydrates PII in the response
  5. Users see normal responses with their PII never reaching the AI provider

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/21889 **Author:** [@argosautomation](https://github.com/argosautomation) **Created:** 2/26/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `feat/zaps-privacy-filter` --- ### 📝 Commits (1) - [`98848e7`](https://github.com/open-webui/open-webui/commit/98848e7584366bee03e5b5e00c6d8f88fabc0e4f) feat: add Zaps Privacy Filter for OpenAI connections ### 📊 Changes **3 files changed** (+68 additions, -9 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/config.py` (+12 -0) 📝 `backend/open_webui/routers/openai.py` (+36 -9) 📝 `src/lib/components/admin/Settings/Connections.svelte` (+20 -0) </details> ### 📄 Description ## Summary Adds a **Privacy Filter** toggle to the OpenAI connection settings that routes all OpenAI-compatible requests through a [Zaps.ai](https://zaps.ai) privacy gateway for automatic PII redaction and rehydration. When enabled, all outgoing requests to OpenAI providers are transparently redirected to the configured Zaps URL. Zaps handles PII scrubbing before forwarding to the actual upstream provider, and rehydrates PII in responses. ## Changes ### Backend - **`config.py`**: Added `ENABLE_ZAPS_PRIVACY_FILTER` and `ZAPS_API_BASE_URL` persistent configurations - **`routers/openai.py`**: Added `get_target_url()` helper that conditionally redirects URLs when the filter is enabled. Applied to all OpenAI endpoints (chat completions, embeddings, models, responses, proxy) ### Frontend - **`Connections.svelte`**: Added "Privacy Filter (Zaps)" toggle under the OpenAI API section with descriptive text ## Configuration | Setting | Env Var | Default | |---|---|---| | Enable Privacy Filter | `ENABLE_ZAPS_PRIVACY_FILTER` | `false` | | Zaps API Base URL | `ZAPS_API_BASE_URL` | `http://localhost:3000` | Both are also configurable through the admin UI. ## How It Works 1. Admin enables "Privacy Filter (Zaps)" in Settings → Connections 2. All OpenAI API requests are intercepted by `get_target_url()` 3. Requests are redirected to the Zaps gateway URL 4. Zaps redacts PII, forwards to the upstream provider, and rehydrates PII in the response 5. Users see normal responses with their PII never reaching the AI provider --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-20 06:26:23 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#26325