github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.2k Packages Projects Releases 126 Wiki Activity

[PR #20139] [CLOSED] feat(mcp-http): forward extra_params (meta) #41110

New Issue
Closed
opened 2026-04-25 13:25:37 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-25 13:25:37 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/20139
Author: @FACyber-ops
Created: 12/23/2025
Status: Closed

Base: devHead: feature/mcp-meta-info

📝 Commits (7)

📊 Changes

3 files changed (+49 additions, -4 deletions)

View changed files

📝 backend/open_webui/utils/mcp/client.py (+4 -2)
📝 backend/open_webui/utils/middleware.py (+21 -1)
📝 src/lib/components/AddToolServerModal.svelte (+24 -1)

📄 Description

Pull Request Checklist

  • Target branch: This PR targets the dev branch.
  • Description: Provided below.
  • Changelog: Added at the bottom (Keep a Changelog format).
  • Documentation: N/A (no env vars).
  • Dependencies: No new dependencies added.
  • Testing: Manually tested (steps below). Screenshots to be attached.
  • Agentic AI Code: Code has been reviewed by me and manually tested.
  • Code review: Self-reviewed for coding standards and consistency.
  • Title Prefix: Uses feat: prefix.

Description

This PR adds an opt-in setting ("Enable Meta info") that forwards additional Open WebUI context to Streamable HTTP MCP requests so MCP servers can process richer information.

When enabled, the MCP request includes additional context fields such as:

  • __user__
  • __files__
  • __metadata__
  • __oauth_token__

When disabled, behavior remains unchanged (no extra meta/context is forwarded).

Related discussion: https://github.com/open-webui/open-webui/discussions/19747

Motivation / Context

Streamable HTTP MCP setups currently lack access to certain Open WebUI context (e.g. files/user info), limiting what MCP servers can do with requests. This toggle makes context forwarding explicit and user-controlled.

How to test

  1. Configure a Streamable HTTP MCP server/tool endpoint.-
    image

  2. In Open WebUI settings, enable "Enable Meta information".
    image

  3. Send a request that includes an attached file and/or requires user context.

  4. Verify on the MCP server side that it receives the additional context (__files__, __user__, __metadata__, __oauth_token__).

  5. Disable "Enable Meta info" again and verify the additional context is no longer sent.

Changelog Entry

Description

  • Add an opt-in setting to forward additional Open WebUI context to Streamable HTTP MCP requests.

Added

  • "Enable Meta info" toggle to forward __user__, __files__, __metadata__, and __oauth_token__ to MCP.

Fixed

  • N/A (Feature enhancement)

Security

  • Context forwarding is opt-in to reduce unintended exposure.
  • __oauth_token__ is potentially sensitive and is only forwarded when the user enables "Enable Meta info".

Additional Information

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/20139 **Author:** [@FACyber-ops](https://github.com/FACyber-ops) **Created:** 12/23/2025 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `feature/mcp-meta-info` --- ### 📝 Commits (7) - [`fe6783c`](https://github.com/open-webui/open-webui/commit/fe6783c16699911c7be17392596d579333fb110c) Merge pull request #19030 from open-webui/dev - [`fc05e0a`](https://github.com/open-webui/open-webui/commit/fc05e0a6c5d39da60b603b4d520f800d6e36f748) Merge pull request #19405 from open-webui/dev - [`e3faec6`](https://github.com/open-webui/open-webui/commit/e3faec62c58e3a83d89aa3df539feacefa125e0c) Merge pull request #19416 from open-webui/dev - [`9899293`](https://github.com/open-webui/open-webui/commit/9899293f050ad50ae12024cbebee7e018acd851e) Merge pull request #19448 from open-webui/dev - [`140605e`](https://github.com/open-webui/open-webui/commit/140605e660b8186a7d5c79fb3be6ffb147a2f498) Merge pull request #19462 from open-webui/dev - [`6f1486f`](https://github.com/open-webui/open-webui/commit/6f1486ffd0cb288d0e21f41845361924e0d742b3) Merge pull request #19466 from open-webui/dev - [`b25bf1e`](https://github.com/open-webui/open-webui/commit/b25bf1e3c683ebb45530c3ac3dac4dad77872036) feat(mcp-http): forward extra_params (meta) ### 📊 Changes **3 files changed** (+49 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/mcp/client.py` (+4 -2) 📝 `backend/open_webui/utils/middleware.py` (+21 -1) 📝 `src/lib/components/AddToolServerModal.svelte` (+24 -1) </details> ### 📄 Description # Pull Request Checklist - [x] **Target branch:** This PR targets the `dev` branch. - [x] **Description:** Provided below. - [x] **Changelog:** Added at the bottom (Keep a Changelog format). - [ ] **Documentation:** N/A (no env vars). - [x] **Dependencies:** No new dependencies added. - [x] **Testing:** Manually tested (steps below). Screenshots to be attached. - [x] **Agentic AI Code:** Code has been reviewed by me and manually tested. - [x] **Code review:** Self-reviewed for coding standards and consistency. - [x] **Title Prefix:** Uses `feat:` prefix. ## Description This PR adds an opt-in setting (**"Enable Meta info"**) that forwards additional Open WebUI context to Streamable HTTP MCP requests so MCP servers can process richer information. When enabled, the MCP request includes additional context fields such as: - `__user__` - `__files__` - `__metadata__` - `__oauth_token__` When disabled, behavior remains unchanged (no extra meta/context is forwarded). **Related discussion:** https://github.com/open-webui/open-webui/discussions/19747 ## Motivation / Context Streamable HTTP MCP setups currently lack access to certain Open WebUI context (e.g. files/user info), limiting what MCP servers can do with requests. This toggle makes context forwarding explicit and user-controlled. ## How to test 1. Configure a Streamable HTTP MCP server/tool endpoint.- <img width="499" height="791" alt="image" src="https://github.com/user-attachments/assets/fa93e7ca-6e8a-4254-af78-dc8edbb8d485" /> 2. In Open WebUI settings, enable **"Enable Meta information"**. <img width="464" height="39" alt="image" src="https://github.com/user-attachments/assets/e86cadfc-8e6d-42dc-8ad6-23cb775b5753" /> 3. Send a request that includes an attached file and/or requires user context. 4. Verify on the MCP server side that it receives the additional context (`__files__`, `__user__`, `__metadata__`, `__oauth_token__`). 5. Disable **"Enable Meta info"** again and verify the additional context is no longer sent. --- # Changelog Entry ### Description - Add an opt-in setting to forward additional Open WebUI context to Streamable HTTP MCP requests. ### Added - "Enable Meta info" toggle to forward `__user__`, `__files__`, `__metadata__`, and `__oauth_token__` to MCP. ### Fixed - N/A (Feature enhancement) ### Security - Context forwarding is **opt-in** to reduce unintended exposure. - `__oauth_token__` is potentially sensitive and is only forwarded when the user enables "Enable Meta info". --- ### Additional Information - Relates to: #19747 ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 13:25:37 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#41110
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?