server: Bypass API Key validation for WebUI static bundle assets (#21269)
* fix: Bypass API Key validation for static bundle assets * refactor: All bypassed routes in `public_endpoints` * test: Update static assets API Key test
This commit is contained in:
committed by
GitHub
parent
86221cf6da
commit
12dbf1da95
@@ -143,7 +143,11 @@ bool server_http_context::init(const common_params & params) {
|
|||||||
"/v1/health",
|
"/v1/health",
|
||||||
"/models",
|
"/models",
|
||||||
"/v1/models",
|
"/v1/models",
|
||||||
"/api/tags"
|
"/api/tags",
|
||||||
|
"/",
|
||||||
|
"/index.html",
|
||||||
|
"/bundle.js",
|
||||||
|
"/bundle.css",
|
||||||
};
|
};
|
||||||
|
|
||||||
// If API key is not set, skip validation
|
// If API key is not set, skip validation
|
||||||
@@ -151,8 +155,8 @@ bool server_http_context::init(const common_params & params) {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If path is public or is static file, skip validation
|
// If path is public or static file, skip validation
|
||||||
if (public_endpoints.find(req.path) != public_endpoints.end() || req.path == "/") {
|
if (public_endpoints.find(req.path) != public_endpoints.end()) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -22,6 +22,15 @@ def test_access_public_endpoint(endpoint: str):
|
|||||||
assert "error" not in res.body
|
assert "error" not in res.body
|
||||||
|
|
||||||
|
|
||||||
|
def test_access_static_assets_without_api_key():
|
||||||
|
"""Static web UI assets should not require API key authentication (issue #21229)"""
|
||||||
|
global server
|
||||||
|
server.start()
|
||||||
|
for path in ["/", "/bundle.js", "/bundle.css"]:
|
||||||
|
res = server.make_request("GET", path)
|
||||||
|
assert res.status_code == 200, f"Expected 200 for {path}, got {res.status_code}"
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.parametrize("api_key", [None, "invalid-key"])
|
@pytest.mark.parametrize("api_key", [None, "invalid-key"])
|
||||||
def test_incorrect_api_key(api_key: str):
|
def test_incorrect_api_key(api_key: str):
|
||||||
global server
|
global server
|
||||||
|
|||||||
Reference in New Issue
Block a user