Improve host header validation in local mode

oobabooga 2025-04-26 15:07:35 -07:00
parent a317450dfa
commit bc55feaf3e
2 changed files with 38 additions and 1 deletions


@ -86,6 +86,20 @@ app.add_middleware(
)
@app.middleware("http")
async def validate_host_header(request: Request, call_next):
# Be strict about only approving access to localhost by default
if not (shared.args.listen or shared.args.public_api):
host = request.headers.get("host", "").split(":")[0]
if host not in ["localhost", "127.0.0.1"]:
return JSONResponse(
status_code=400,
content={"detail": "Invalid host header"}
)
return await call_next(request)
@app.options("/", dependencies=check_key)
async def options_route():
return JSONResponse(content="OK")
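Review bot: The host parsing in `validate_host_header` is an exact, case-sensitive match on `split(":")[0]`, so a bracketed IPv6 loopback such as `[::1]:5000` is reduced to `[` and rejected, as are `LOCALHOST` and `localhost.`. These cases fail closed, so this is not a bypass, but legitimate loopback clients get a 400 with nothing logged to explain it. Consider normalising before the comparison: `host = request.headers.get("host", "").lower()`, then `host = host.partition("]")[0] + "]" if host.startswith("[") else host.split(":")[0]`, and add `"[::1]"` to the allowed list if IPv6 loopback is meant to be supported. The comment above the check could also state the threat it addresses (presumably DNS rebinding from a browser against the local API) and that the check is skipped entirely when `--listen` or `--public-api` is set, so those modes depend on `check_key` alone.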