issue: Inconsistent Tool Server Verification (Admin vs. User) #4824

New Issue

Closed

opened 2025-11-11 16:03:52 -06:00 by GiteaMirror · 1 comment

GiteaMirror commented 2025-11-11 16:03:52 -06:00

Owner

Copy Link

Originally created by @tth37 on GitHub (Apr 12, 2025).

Check Existing Issues

• I have searched the existing issues and discussions.
• I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.6.2

Ollama Version (if applicable)

No response

Operating System

Docker environment

Browser (if applicable)

No response

Confirmation

• I have read and followed all instructions in README.md.
• I am using the latest version of both Open WebUI and Ollama.
• I have included the browser console logs.
• I have included the Docker container logs.
• I have listed steps to reproduce the bug in detail.

Problem

There is an inconsistency in how Open-WebUI verifies Tool Server URLs between the Admin Settings panel and the User Settings panel. Additionally, user-scope tool server metadata is not cached, leading to repeated requests.

Actual Behavior

1. Admin Settings: When adding/verifying a Tool Server in the Admin Settings panel, clicking the "Verify" button triggers a backend request to /api/v1/configs/tool_servers/verify
2. User Settings: When adding/verifying a Tool Server in User Settings panel, clicking the "Verify" button triggers a direct POST request from the user's browser to <tool_server_url>/openapi.json
3. Every time the Open-WebUI page is reloaded, requests are sent from the browser to fetch <tool_server_url>/openapi.json for each configured user-scope tool server. The metadata are not cached.

Critical Problems:

• If the target Tool Server doesn't have permissive CORS headers, the browser will block the verification request.
• If Open-WebUI is served over HTTPS, but the Tool Server is served over HTTP, browsers will also block the verification request.
• The lack of caching for user-scope tool server metadata (openapi.json) means redundant requests are made on every page load.

Logs & Screenshots

User-scope OpenAPI Tool Server verification:

Verification fails:

Each time the page is reloaded:

Suggestion

1. Refactor the Tool Server verification logic in User Settings panel to proxy the request through the Open-WebUI backend, similar to how it's handled in the Admin Settings.
2. Implement caching for the fetched openapi.json metadata for user-scope tool servers. Maybe storing this within the $settings object (currently only openapi_tool_urls are stored)

Originally created by @tth37 on GitHub (Apr 12, 2025). ### Check Existing Issues - [x] I have searched the existing issues and discussions. - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version v0.6.2 ### Ollama Version (if applicable) _No response_ ### Operating System Docker environment ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have listed steps to reproduce the bug in detail. ### Problem There is an inconsistency in how Open-WebUI verifies Tool Server URLs between the Admin Settings panel and the User Settings panel. Additionally, user-scope tool server metadata is not cached, leading to repeated requests. ### Actual Behavior 1. **Admin Settings**: When adding/verifying a Tool Server in the Admin Settings panel, clicking the "Verify" button triggers a backend request to `/api/v1/configs/tool_servers/verify` 2. **User Settings**: When adding/verifying a Tool Server in **User Settings** panel, clicking the "Verify" button triggers a **direct POST request from the user's browser** to `<tool_server_url>/openapi.json` 3. Every time the Open-WebUI page is reloaded, requests are sent from the browser to fetch `<tool_server_url>/openapi.json` for **each** configured user-scope tool server. The metadata are not cached. **Critical Problems:** - If the target Tool Server doesn't have permissive CORS headers, the browser will block the verification request. - If Open-WebUI is served over HTTPS, but the Tool Server is served over HTTP, browsers will also block the verification request. - The lack of caching for user-scope tool server metadata (openapi.json) means redundant requests are made on every page load. ### Logs & Screenshots User-scope OpenAPI Tool Server verification:  Verification fails:  Each time the page is reloaded:  ### Suggestion 1. Refactor the Tool Server verification logic in User Settings panel to proxy the request through the Open-WebUI backend, similar to how it's handled in the Admin Settings. 2. Implement caching for the fetched `openapi.json` metadata for user-scope tool servers. Maybe storing this within the $settings object (currently only openapi_tool_urls are stored)

GiteaMirror added the bug label 2025-11-11 16:03:52 -06:00

GiteaMirror closed this issue 2025-11-11 16:03:52 -06:00

GiteaMirror commented 2025-11-11 16:03:53 -06:00

Author

Owner

Copy Link

@tjbck commented on GitHub (Apr 12, 2025):

Intended behaviour. They're "direct" tool connections. One of the advantages of hosting tool servers is allowing users to connect their LLMs to their locally hosted tools.

https://docs.openwebui.com/openapi-servers/faq

@tjbck commented on GitHub (Apr 12, 2025): Intended behaviour. They're "direct" tool connections. One of the advantages of hosting tool servers is allowing users to connect their LLMs to their locally hosted tools. https://docs.openwebui.com/openapi-servers/faq

GiteaMirror referenced this issue 2026-04-19 20:22:36 -05:00

[GH-ISSUE #4824] Tool enabling in chat is not sticky. The toogle seems to reset itself. #13745

GiteaMirror referenced this issue 2026-04-25 03:41:58 -05:00

[GH-ISSUE #4824] Tool enabling in chat is not sticky. The toogle seems to reset itself. #29273

GiteaMirror referenced this issue 2026-05-05 13:29:47 -05:00

[GH-ISSUE #4824] Tool enabling in chat is not sticky. The toogle seems to reset itself. #52411

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

v0.9.2

v0.9.1

v0.9.0

v0.8.12

v0.8.11

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.2

v0.7.1

v0.7.0

v0.6.43

v0.6.42

v0.6.41

v0.6.40

v0.6.39

v0.6.38

v0.6.37

v0.6.36

v0.6.35

v0.6.34

v0.6.33

v0.6.32

v0.6.31

v0.6.30

v0.6.29

v0.6.28

v0.6.27

v0.6.26

v0.6.25

v0.6.24

v0.6.23

v0.6.22

v0.6.21

v0.6.20

v0.6.19

v0.6.18

v0.6.17

v0.6.16

v0.6.15

v0.6.14

v0.6.13

v0.6.12

v0.6.11

v0.6.10

v0.6.9

v0.6.8

v0.6.7

v0.6.6

v0.6.5

v0.6.4

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.20

v0.5.19

v0.5.18

v0.5.17

v0.5.16

v0.5.15

v0.5.14

v0.5.13

v0.5.12

v0.5.11

v0.5.10

v0.5.9

v0.5.8

v0.5.7

v0.5.6

v0.5.5

v0.5.4

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.8

v0.4.7

v0.4.6

v0.4.5

v0.4.4

v0.4.3

v0.4.2

v0.4.1

v0.4.0

v0.3.35

v0.3.34

v0.3.33

v0.3.32

v0.3.31

v0.3.30

v0.3.29

v0.3.28

v0.3.27

v0.3.26

v0.3.25

v0.3.24

v0.3.23

v0.3.22

v0.3.21

v0.3.20

v0.3.19

v0.3.18

v0.3.17

v0.3.16

v0.3.15

v0.3.14

v0.3.13

v0.3.12

v0.3.11

v0.3.10

v0.3.9

v0.3.8

v0.3.7

v0.3.6

v0.3.5

v0.3.4

v0.3.3

v0.3.2

v0.3.1

v0.3.0

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.125

v0.1.124

v0.1.123

v0.1.122

v0.1.121

v0.1.120

v0.1.119

v0.1.118

v0.1.117

v0.1.116

v0.1.115

v0.1.114

v0.1.113

v0.1.112

v0.1.111

v0.1.110

v0.1.109

v0.1.108

v0.1.107

v0.1.106

v0.1.105

v0.1.104

v0.1.103

v0.1.102

Labels

Clear labels

bug

confirmed

confirmed issue

core

documentation

enhancement

good first issue

help wanted

non-core

pull-request

Mirrored from GitHub Pull Request

python

question

testing wanted

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/open-webui#4824