mirror of
https://github.com/open-webui/open-webui.git
synced 2026-07-16 14:39:31 -05:00
[PR #24487] [CLOSED] fix: validate redirect targets during RAG web ingestion #98714
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/open-webui/open-webui/pull/24487
Author: @Dawn-Fighter
Created: 5/9/2026
Status: ❌ Closed
Base:
main← Head:fix-rag-redirect-ssrf-validation📝 Commits (1)
aadb838fix: validate redirect targets during RAG web ingestion📊 Changes
3 files changed (+129 additions, -2 deletions)
View changed files
📝
backend/open_webui/retrieval/utils.py(+2 -2)📝
backend/open_webui/retrieval/web/utils.py(+49 -0)➕
backend/open_webui/test/retrieval/web/test_url_validation.py(+78 -0)📄 Description
Summary
Why
Open WebUI already blocks direct private/local URLs when local web fetch is disabled, but requests-based ingestion paths could follow redirects after the initial validation. A public URL could redirect backend ingestion to localhost, private networks, or cloud metadata endpoints.
Tests
PYTHONPATH=backend uv run pytest backend/open_webui/test/retrieval/web/test_url_validation.py -q/healthand/readyreturned200 {"status":true}🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.