[GH-ISSUE #17288] feat: Add Chat Permission toggle to control file download in citations (avoid confidential data leakage) 在 Chat Permissions 增加控制是否允許下載檔案的開關(避免機密資料外洩) #88969

Closed
opened 2026-05-15 13:47:39 -05:00 by GiteaMirror · 0 comments
Owner

Originally created by @linbanana on GitHub (Sep 9, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/17288

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

Feature Description

Currently, in CitationsModal.svelte (around line 95), uploaded files referenced in citations are always rendered with a clickable <a> link that allows downloading or opening the file.

For environments dealing with confidential or sensitive documents, this behavior may cause potential data leakage risks.

We propose adding a new Chat Permission setting:

  • Allow File Download (default: enabled)

If disabled, citations should only show the file name (and optional page number), but without a clickable download link.

Desired Solution you'd like

建議新增一個 Chat Permission

  • 允許檔案下載 (Allow File Download)(預設啟用)

若關閉,Citation 僅顯示檔名(及選填的頁碼),但不提供下載連結。


Example Code (CitationsModal.svelte)

Current (always clickable):

<a
  class="hover:text-gray-500 dark:hover:text-gray-100 underline grow"
  href={document?.metadata?.file_id
    ? `${WEBUI_API_BASE_URL}/files/${document?.metadata?.file_id}/content${document?.metadata?.page !== undefined ? `#page=${document.metadata.page + 1}` : ''}`
    : document.source?.url?.includes('http')
      ? document.source.url
      : `#`}
  target="_blank"
>
  {decodeString(document?.metadata?.name ?? document.source.name)}
</a>

Proposed (respect permission):

{#if $permissions.allowFileDownload}
  <a
    class="hover:text-gray-500 dark:hover:text-gray-100 underline grow"
    href={document?.metadata?.file_id
      ? `${WEBUI_API_BASE_URL}/files/${document?.metadata?.file_id}/content${document?.metadata?.page !== undefined ? `#page=${document.metadata.page + 1}` : ''}`
      : document.source?.url?.includes('http')
        ? document.source.url
        : `#`}
    target="_blank"
  >
    {decodeString(document?.metadata?.name ?? document.source.name)}
  </a>
{:else}
  <span class="text-gray-400 dark:text-gray-300">
    {decodeString(document?.metadata?.name ?? document.source.name)}
  </span>
{/if}

Benefits

  • Prevents accidental or unauthorized downloading of sensitive uploaded files.
  • Gives admins more fine-grained control over chat permissions.
  • Aligns with enterprise security needs.

Alternatives Considered

No response

Additional Context

No response

Originally created by @linbanana on GitHub (Sep 9, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/17288 ### Check Existing Issues - [x] I have searched the existing issues and discussions. ### Problem Description ## Feature Description Currently, in **CitationsModal.svelte** (around line 95), uploaded files referenced in citations are always rendered with a clickable `<a>` link that allows downloading or opening the file. For environments dealing with confidential or sensitive documents, this behavior may cause potential **data leakage risks**. We propose adding a new **Chat Permission** setting: - **Allow File Download** (default: enabled) If disabled, citations should only show the file name (and optional page number), but **without a clickable download link**. ### Desired Solution you'd like 建議新增一個 **Chat Permission**: - **允許檔案下載 (Allow File Download)**(預設啟用) 若關閉,Citation 僅顯示檔名(及選填的頁碼),但不提供下載連結。 --- ## Example Code (CitationsModal.svelte) **Current (always clickable):** ```svelte <a class="hover:text-gray-500 dark:hover:text-gray-100 underline grow" href={document?.metadata?.file_id ? `${WEBUI_API_BASE_URL}/files/${document?.metadata?.file_id}/content${document?.metadata?.page !== undefined ? `#page=${document.metadata.page + 1}` : ''}` : document.source?.url?.includes('http') ? document.source.url : `#`} target="_blank" > {decodeString(document?.metadata?.name ?? document.source.name)} </a> ``` ## Proposed (respect permission): ```svelte {#if $permissions.allowFileDownload} <a class="hover:text-gray-500 dark:hover:text-gray-100 underline grow" href={document?.metadata?.file_id ? `${WEBUI_API_BASE_URL}/files/${document?.metadata?.file_id}/content${document?.metadata?.page !== undefined ? `#page=${document.metadata.page + 1}` : ''}` : document.source?.url?.includes('http') ? document.source.url : `#`} target="_blank" > {decodeString(document?.metadata?.name ?? document.source.name)} </a> {:else} <span class="text-gray-400 dark:text-gray-300"> {decodeString(document?.metadata?.name ?? document.source.name)} </span> {/if} ``` ## Benefits - Prevents accidental or unauthorized downloading of sensitive uploaded files. - Gives admins more fine-grained control over chat permissions. - Aligns with enterprise security needs. ### Alternatives Considered _No response_ ### Additional Context _No response_
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#88969