github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-03-09 23:35:09 -05:00
Code Issues 308 Packages Projects Releases 100 Wiki Activity

Add credentials: 'include' to chat completion fetch to enable cookie-based validation #5263

New Issue
Closed
opened 2025-11-11 16:15:52 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-11 16:15:52 -06:00
Owner
Copy Link

Originally created by @entanglesoftware on GitHub (May 21, 2025).

Summary

Update the chat modal so that AJAX (fetch) requests to /api/chat include credentials: 'include' in the fetch options. This ensures cookies are sent with the request and allows backend validation using session or authentication cookies.

Details

  • In src/lib/components/chat/Chat.svelte, locate the function responsible for calling the chat completion endpoint (e.g., generateChatCompletion).
  • Update the fetch call to /api/chat (or equivalent) to include credentials: 'include'.
  • This enables cookies to be sent along with the AJAX request, supporting validation and authentication on the backend.

Example Change

 fetch('/api/chat', {
   method: 'POST',
   headers: { ... },
   body: JSON.stringify(payload),
+  credentials: 'include'
 })

Motivation

Some deployments require validation and authentication via cookies rather than only using bearer tokens. This change provides compatibility for such setups.

Impact

  • Only the fetch request for chat completion is affected.
  • No breaking changes; authentication via headers will still work.

If you need this change for other endpoints as well, please specify!

Originally created by @entanglesoftware on GitHub (May 21, 2025). ## Summary Update the chat modal so that AJAX (fetch) requests to `/api/chat` include `credentials: 'include'` in the fetch options. This ensures cookies are sent with the request and allows backend validation using session or authentication cookies. ## Details - In `src/lib/components/chat/Chat.svelte`, locate the function responsible for calling the chat completion endpoint (e.g., `generateChatCompletion`). - Update the fetch call to `/api/chat` (or equivalent) to include `credentials: 'include'`. - This enables cookies to be sent along with the AJAX request, supporting validation and authentication on the backend. ### Example Change ```diff fetch('/api/chat', { method: 'POST', headers: { ... }, body: JSON.stringify(payload), + credentials: 'include' }) ``` ## Motivation Some deployments require validation and authentication via cookies rather than only using bearer tokens. This change provides compatibility for such setups. ## Impact - Only the fetch request for chat completion is affected. - No breaking changes; authentication via headers will still work. --- If you need this change for other endpoints as well, please specify!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#5263
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?