root
/
open-webui
mirror of https://github.com/open-webui/open-webui.git
1
0
Fork 0
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Change default CORS_ALLOW_ORIGIN to '*' 

The local development setup defaults do not actually work currently.
This commit is contained in:
Duncan Ogilvie 2025-06-08 15:16:51 +02:00
parent 41220b379f
commit 7010393a41
1 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
backend/open_webui/config.py
View File

@ -1245,12 +1245,6 @@ if THREAD_POOL_SIZE is not None and isinstance(THREAD_POOL_SIZE, str):
THREAD_POOL_SIZE = None THREAD_POOL_SIZE = None
def validate_cors_origins(origins):
for origin in origins:
if origin != "*":
validate_cors_origin(origin)
def validate_cors_origin(origin): def validate_cors_origin(origin):
parsed_url = urlparse(origin) parsed_url = urlparse(origin)
@ -1271,16 +1265,18 @@ def validate_cors_origin(origin):
# CORS_ALLOW_ORIGIN=http://localhost:5173;http://localhost:8080 # CORS_ALLOW_ORIGIN=http://localhost:5173;http://localhost:8080
# in your .env file depending on your frontend port, 5173 in this case. # in your .env file depending on your frontend port, 5173 in this case.
CORS_ALLOW_ORIGIN = os.environ.get( CORS_ALLOW_ORIGIN = os.environ.get(
"CORS_ALLOW_ORIGIN", "*;http://localhost:5173;http://localhost:8080" "CORS_ALLOW_ORIGIN", "*"
).split(";") ).split(";")
if "*" in CORS_ALLOW_ORIGIN: if CORS_ALLOW_ORIGIN == ["*"]:
log.warning( log.warning(
"\n\nWARNING: CORS_ALLOW_ORIGIN IS SET TO '*' - NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS.\n" "\n\nWARNING: CORS_ALLOW_ORIGIN IS SET TO '*' - NOT RECOMMENDED FOR PRODUCTION DEPLOYMENTS.\n"
) )
else:
validate_cors_origins(CORS_ALLOW_ORIGIN) # You have to pick between a single wildcard or a list of origins.
# Doing both will result in CORS errors in the browser.
for origin in CORS_ALLOW_ORIGIN:
validate_cors_origin(origin)
class BannerModel(BaseModel): class BannerModel(BaseModel):
id: str id: str