[PR #21216] [CLOSED] Fixed PWA 500 Error #64830

Closed
opened 2026-05-06 10:32:12 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/21216
Author: @Nitin75408
Created: 2/6/2026
Status: Closed

Base: main ← Head: Fixes/21072-PWA-Error


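📝 Commits (1)

  • 402b41c Fixed PWA 500 Error (https://github.com/open-webui/open-webui/commit/402b41ca9aaf87c88209ae2750d5a25658a7320a)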

📊 Changes

7 files changed (+610 additions, -6 deletions)

📝 backend/open_webui/main.py (+7 -0)
src/lib/apis/index.integration.test.ts (+155 -0)
src/lib/apis/index.test.ts (+215 -0)
📝 src/lib/apis/index.ts (+35 -3)
src/lib/utils/index.test.ts (+116 -0)
📝 src/lib/utils/index.ts (+59 -0)
📝 src/routes/+layout.svelte (+23 -3)

📄 Description

Pull Request Checklist

Note to first-time contributors: Please open a discussion post in Discussions to discuss your idea/fix with the community before creating a pull request, and describe your changes before submitting a pull request.

This is to ensure large feature PRs are discussed with the community first, before starting work on it. If the community does not want this feature or it is not relevant for Open WebUI as a project, it can be identified in the discussion before working on the feature and submitting the PR.

Before submitting, make sure you've checked the following:

  • Target branch: Verify that the pull request targets the dev branch. Not targeting the dev branch will lead to immediate closure of the PR.
  • Description: Provide a concise description of the changes made in this pull request down below.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: If necessary, update relevant documentation Open WebUI Docs like environment variables, the tutorials, or other documentation sources.
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Perform manual tests to verify the implemented fix/feature works as intended AND does not break any other functionality. Take this as an opportunity to make screenshots of the feature/fix and include it in the PR description.
  • Agentic AI Code: Confirm this Pull Request is not written by any AI Agent or has at least gone through additional human review AND manual testing. If any AI Agent is the co-author of this PR, it may lead to immediate closure of the PR.
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Title Prefix: To clearly categorize this pull request, prefix the pull request title using one of the following:
    • BREAKING CHANGE: Significant changes that may affect compatibility
    • build: Changes that affect the build system or external dependencies
    • ci: Changes to our continuous integration processes or workflows
    • chore: Refactor, cleanup, or other non-functional code changes
    • docs: Documentation update or addition
    • feat: Introduces a new feature or enhancement to the codebase
    • fix: Bug fix or error correction
    • i18n: Internationalization or localization changes
    • perf: Performance improvement
    • refactor: Code restructuring for better maintainability, readability, or scalability
    • style: Changes that do not affect the meaning of the code (white space, formatting, missing semi-colons, etc.)
    • test: Adding missing tests or correcting existing tests
    • WIP: Work in progress, a temporary label for incomplete or ongoing work

Changelog Entry

Description

This pull request fixes a critical issue where Progressive Web Applications (PWAs) display a "500 Internal Server Error" page instead of redirecting to the external login page when the user's session expires with Trusted Header Auth or Forward Auth configurations (e.g., Authentik via Traefik).

The root cause was that when the PWA makes background API requests (such as /api/config) on startup after session expiration, the reverse proxy correctly redirects to the external login page. However, browsers block these redirects in fetch requests due to CORS policy, causing the request to fail with a network error. The frontend was not handling this specific failure gracefully and instead displayed a generic error page.

The solution implements proper detection of CORS-blocked authentication redirects and handles them by using window.location.href to trigger the browser redirect, which allows the reverse proxy to complete the authentication flow seamlessly.

Added

  • Added isAuthRedirectError() utility function in src/lib/utils/index.ts to detect CORS and network errors that indicate authentication redirects being blocked by the browser
  • Added handleAuthRedirect() utility function to properly redirect the browser when authentication redirects are detected
  • Added comprehensive test suite with unit tests and integration tests covering error detection, redirect handling, and edge cases
  • Added signout_redirect_url field to the backend config API response in the features object when WEBUI_AUTH_SIGNOUT_REDIRECT_URL is configured

Changed

  • Modified getBackendConfig() function in src/lib/apis/index.ts to detect and handle CORS-blocked authentication redirect errors gracefully
  • Updated +layout.svelte to properly handle authentication redirect errors without displaying the error page
  • Enhanced error handling in the application initialization flow to distinguish between authentication redirects and actual errors

Fixed

  • Fixed PWA displaying "500 Internal Server Error" when session expires with Trusted Header Auth/Forward Auth configurations
  • Fixed improper error handling when reverse proxy redirects are blocked by CORS policy in fetch requests
  • Fixed application showing generic error pages for authentication-related network failures that should trigger redirects

Test

  • Added unit tests for isAuthRedirectError() function covering various error patterns (CORS errors, network failures, status codes)
  • Added unit tests for handleAuthRedirect() function covering redirect scenarios with and without signout URLs
  • Added unit tests for getBackendConfig() function covering successful fetches, error handling, and signout URL storage
  • Added integration tests verifying the complete authentication redirect flow from error detection to browser redirect

Additional Information

This fix addresses issue #21072 where users reported that PWAs installed on mobile devices (Android in particular) would show a 500 error page when launched after session expiration, instead of redirecting to the external authentication provider's login page.

The implementation works by:

  1. Detecting when fetch requests fail due to CORS-blocked redirects (common patterns include "Failed to fetch", "ERR_FAILED", "CORS", "redirected from", status 0, etc.)
  2. Checking if a signout redirect URL is stored in localStorage from a previous successful config fetch
  3. Using window.location.href to redirect the browser, which allows redirects (unlike fetch API)
  4. If a signout redirect URL is configured, using it directly; otherwise, reloading the current page to trigger the reverse proxy redirect
  5. Preventing the error page from being displayed by throwing a special error flag that the layout component recognizes

The fix maintains backward compatibility and does not affect normal authentication flows. It only activates when CORS-blocked redirect errors are detected, ensuring that legitimate errors are still properly handled and displayed.

The backend now includes the signout_redirect_url in the config response when WEBUI_AUTH_SIGNOUT_REDIRECT_URL environment variable is set, allowing the frontend to store it for future use even when the initial config fetch fails due to authentication redirects.

Related Issue: #21072

Testing Performed:

  • Verified the fix works with Trusted Header Auth configurations
  • Tested with and without WEBUI_AUTH_SIGNOUT_REDIRECT_URL configured
  • Confirmed error page is not shown for authentication redirects
  • Verified regular errors still display properly
  • Tested on Android PWA scenario described in the issue
  • All unit tests and integration tests pass

Screenshots or Videos

Before Fix:
When launching the PWA after session expiration, users would see a "500 Internal Server Error" page or "Open WebUI Backend Required" error page.

After Fix:
When launching the PWA after session expiration, the application seamlessly redirects to the external authentication provider's login page (e.g., Authentik), allowing users to authenticate and continue using the application.

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

GiteaMirror added the pull-request label 2026-05-06 10:32:12 -05:00
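
An added sketch of the recovery decision outlined in the PR description above (not code from the PR or from Open WebUI): it classifies the error using the patterns the description lists, then vets the stored sign-out URL and caps automatic retries before any navigation. The function names, the `allowedOrigins` list and the attempt counter are assumptions made for illustration.

```javascript
// Added example; names are hypothetical, not the PR's isAuthRedirectError()/handleAuthRedirect().
// Patterns taken from the PR description's list of CORS-blocked redirect symptoms.
const REDIRECT_PATTERNS = ['failed to fetch', 'err_failed', 'cors', 'redirected from'];

function looksLikeBlockedRedirect(err) {
  if (err === null || err === undefined) return false;
  if (typeof err === 'object' && err.status === 0) return true;
  const text = typeof err === 'object' && err.message ? err.message : err;
  const msg = String(text).toLowerCase();
  return REDIRECT_PATTERNS.some((p) => msg.includes(p));
}

// localStorage is writable by any script running on the origin, so a URL read
// back from it is untrusted input: accept only http(s) targets whose origin is
// the app itself or an explicitly allowed identity-provider origin (assumption).
function vetStoredUrl(raw, currentOrigin, allowedOrigins) {
  if (typeof raw !== 'string' || raw === '') return null;
  let url;
  try {
    url = new URL(raw, currentOrigin); // relative paths resolve against the app
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  const allowed = url.origin === currentOrigin || allowedOrigins.includes(url.origin);
  return allowed ? url.href : null;
}

// Pure decision function: the caller performs the navigation or reload.
function decideRecovery({ err, storedUrl, currentOrigin, allowedOrigins = [], attempts = 0, maxAttempts = 2 }) {
  if (!looksLikeBlockedRedirect(err)) return { action: 'show-error' };
  // "Failed to fetch" is also what an offline device or a dead proxy produces,
  // so stop after a few automatic attempts instead of reloading forever.
  if (attempts >= maxAttempts) return { action: 'show-error' };
  const target = vetStoredUrl(storedUrl, currentOrigin, allowedOrigins);
  return target ? { action: 'navigate', url: target } : { action: 'reload' };
}
```

The caller would keep `attempts` somewhere that survives a reload (for example a session-scoped counter) and reset it after a successful config fetch.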

Reference: github-starred/open-webui#64830