[PR #23261] [CLOSED] fix: use sessionStorage for showControls to prevent cross-tab state leakage #50157

Closed
opened 2026-04-30 02:44:04 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/23261
Author: @karthik-idikuda
Created: 3/31/2026
Status: Closed

Base: dev ← Head: fix/cross-tab-showcontrols-state-leak


📝 Commits (1)

  • fd182c9 fix: use sessionStorage for showControls to prevent cross-tab state leakage

📊 Changes

1 file changed (+5 additions, -2 deletions)

📝 src/routes/(app)/+layout.svelte (+5 -2)

📄 Description

Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Target branch: Verify that the pull request targets the dev branch.
  • Description: Provided below.
  • Changelog: Included below.
  • Testing: Manually verified the fix works as intended.
  • Code review: Self-reviewed the changes.

Changelog Entry

Description

Opening an Artifacts preview in one browser tab automatically expands the Advanced Settings/Controls panel on the Home page in another tab, without user action. This is caused by showControls being persisted via localStorage which is shared across all tabs of the same origin.

Root Cause:
In src/routes/(app)/+layout.svelte, the showControls store state is persisted via localStorage:

await showControls.set(!$mobile ? localStorage.showControls === 'true' : false);
showControls.subscribe((value) => {
    localStorage.showControls = value ? 'true' : 'false';
});

Since localStorage is shared across all tabs:

  1. Tab A: User opens Artifacts preview -> showControls.set(true) -> writes localStorage.showControls = 'true'
  2. Tab B: User navigates to Home -> onMount reads localStorage.showControls === 'true' -> controls panel auto-expands

Fix: Switch from localStorage to sessionStorage for persisting showControls. sessionStorage is isolated per browser tab/session, so each tab maintains its own independent controls panel state. This preserves within-tab persistence (controls stay open across SPA navigation within the same tab) while eliminating cross-tab leakage.

Note: chatControlsSize (the panel width) intentionally remains in localStorage so the user's preferred panel width is preserved globally.

Fixed

  • Fixed cross-tab state leakage where opening Artifacts preview in one tab would auto-expand Advanced Settings/Controls panel in another tab (#23232)

Additional Information

  • Only showControls is affected. Other localStorage items like chatControlsSize and selectedTerminalId correctly use localStorage since they represent user preferences that should persist globally.

Contributor License Agreement


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
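
An added example, not part of the PR or of Open WebUI's code: a Node model of the storage scoping the description relies on, running the same read-on-mount and write-on-subscribe pattern against each storage kind. MemoryStorage, Origin, mountLayout and the other helper names are assumptions made for illustration; the duplicated-tab case goes beyond the PR text and models the browser behaviour of copying sessionStorage into a duplicated tab.

```javascript
// Constructed model of Web Storage scoping so it runs in Node; not Open WebUI code.
class MemoryStorage {
  constructor(initial = {}) { this.data = { ...initial }; }
  getItem(k) { return k in this.data ? this.data[k] : null; }
  setItem(k, v) { this.data[k] = String(v); }
}
// One origin owns a single localStorage; each tab gets its own sessionStorage.
class Origin {
  constructor() { this.localStorage = new MemoryStorage(); }
  openTab(session = new MemoryStorage()) {
    return { localStorage: this.localStorage, sessionStorage: session };
  }
  // Browsers copy sessionStorage into a duplicated tab; the copies then diverge.
  duplicateTab(tab) { return this.openTab(new MemoryStorage(tab.sessionStorage.data)); }
}

// Minimal store with Svelte-like semantics: subscribe() fires immediately.
function writable(value) {
  const subs = new Set();
  return {
    set(v) { value = v; subs.forEach((fn) => fn(v)); },
    subscribe(fn) { subs.add(fn); fn(value); return () => subs.delete(fn); }
  };
}

// The persistence pattern from the description, parameterised by backing storage.
function mountLayout(storage) {
  const showControls = writable(storage.getItem('showControls') === 'true');
  showControls.subscribe((v) => storage.setItem('showControls', v ? 'true' : 'false'));
  return showControls;
}
function readStore(store) { let v; store.subscribe((x) => (v = x))(); return v; }

// kind is 'localStorage' or 'sessionStorage'; returns what tab B sees on mount.
function tabBSeesPanelOpen(kind) {
  const origin = new Origin();
  const [a, b] = [origin.openTab(), origin.openTab()];
  mountLayout(a[kind]).set(true); // tab A: Artifacts preview opens the controls
  return readStore(mountLayout(b[kind])); // tab B: navigates to Home afterwards
}

// Duplicated tab inherits the state once, then changes stay local to each tab.
function duplicateTabCase() {
  const origin = new Origin(), a = origin.openTab();
  mountLayout(a.sessionStorage).set(true);
  const store = mountLayout(origin.duplicateTab(a).sessionStorage);
  const inherited = readStore(store);
  store.set(false);
  return { inherited, original: a.sessionStorage.getItem('showControls') };
}
```

With `'localStorage'` tab B mounts with the panel open; with `'sessionStorage'` it does not, and only a duplicated tab starts from tab A's state.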

GiteaMirror added the pull-request label 2026-04-30 02:44:04 -05:00

Reference: github-starred/open-webui#50157