Commit graph

97 commits

Author SHA1 Message Date
goecho
74f91bc74d Fix bug: Header attributes (Host, Authorization, Origin, Referer) not sanitized
- Resolved an issue where header attributes Host, Authorization, Origin, and Referer were not being sanitized, resulting in two major issues:
  1. Ollama requests inadvertently exposed user information, leading to data leakage.
  2. When Ollama is deployed on different servers, and the intermediary proxy layer uses the host header to locate downstream services, it fails to find them.

Root Cause:
- In FastAPI, when accessing request.headers, all header names are converted to lowercase. This is because FastAPI, and its underlying framework Starlette, adhere to the HTTP/2 standard, which mandates lowercase header field names for performance and consistency.
- In HTTP/2, enforcing lowercase header field names reduces complexity in header processing as case sensitivity is no longer a concern. Thus, regardless of the case used in client-sent header fields, the server processes them uniformly in lowercase.
- This practice is adopted in FastAPI and other modern HTTP frameworks, even in an HTTP/1.1 context, to maintain consistency with HTTP/2 and improve overall performance. As a result, header field names are always presented in lowercase in FastAPI, even if the original request used capitalization or mixed case.
2024-01-11 14:36:34 +08:00
Timothy J. Baek
c1ec604f21 feat: rag md support 2024-01-09 15:24:53 -08:00
Timothy J. Baek
76d37393ee feat: gguf upload 2024-01-09 13:25:42 -08:00
Timothy J. Baek
1ff3eb8038 feat: doc upload error handling 2024-01-08 01:54:03 -08:00
Timothy J. Baek
eddb6fc7b7 feat: documents backend integration 2024-01-08 01:49:20 -08:00
Timothy J. Baek
54c4e0761a feat: documents file upload 2024-01-08 01:26:15 -08:00
Timothy J. Baek
cc3f84f916 feat: # to import doc 2024-01-07 23:43:32 -08:00
Timothy J. Baek
57c050326c feat: docx support 2024-01-07 13:56:01 -08:00
Timothy J. Baek
9a63376e55 feat: file upload error handling 2024-01-07 09:33:34 -08:00
Timothy J. Baek
b37b157638 feat: reset vectordb storage support 2024-01-07 09:15:45 -08:00
Timothy J. Baek
d4b2578f6e feat: rag csv support 2024-01-07 09:05:52 -08:00
Timothy J. Baek
d6a1bf1406 refac: file upload 2024-01-07 09:00:30 -08:00
Timothy J. Baek
ffd0a5a2a0 Update main.py 2024-01-07 08:34:05 -08:00
Timothy J. Baek
c68bb3b950 docker: slim 2024-01-07 08:28:35 -08:00
Timothy Jaeryang Baek
34e0f64fb3
Merge pull request #333 from ollama-webui/rag
feat: RAG support
2024-01-07 02:50:32 -08:00
Timothy J. Baek
464d0fb016 fix: update langchain.document_loaders 2024-01-07 02:49:13 -08:00
Timothy J. Baek
70d2571be1 feat: rag backend auth 2024-01-07 02:46:12 -08:00
Timothy J. Baek
142269374f feat: vectordb query error handling 2024-01-07 01:59:00 -08:00
Timothy J. Baek
ad3d69be30 refac 2024-01-07 01:54:58 -08:00
Timothy J. Baek
9634e2da3e feat: full integration 2024-01-07 01:40:36 -08:00
Timothy J. Baek
fef4725d56 feat: frontend file upload support 2024-01-07 00:57:10 -08:00
Timothy J. Baek
cd86c36953 feat: pdf data load 2024-01-06 23:40:51 -08:00
Timothy J. Baek
784b369cc9 feat: chromadb vector store api 2024-01-06 22:59:22 -08:00
Timothy J. Baek
b2c9f6dff8 feat: rag api endpoint 2024-01-06 22:07:20 -08:00
Timothy J. Baek
82114c45ee fix: allow command named create 2024-01-06 17:55:41 -08:00
Timothy J. Baek
73b88a8c17 fix: update user email issue 2024-01-06 02:51:57 -08:00
Timothy J. Baek
e441875af7 fix: update role 2024-01-05 21:02:49 -08:00
Timothy J. Baek
fb0c64379d feat: edit user support 2024-01-05 20:59:56 -08:00
Timothy J. Baek
bb2971260d fix: backend proxy 2024-01-05 17:16:35 -08:00
Timothy J. Baek
78477baa0e feat: proxy logging 2024-01-05 15:51:33 -08:00
Timothy J. Baek
a37b9c126f refac 2024-01-05 01:29:04 -08:00
Timothy J. Baek
47dc3b5fb2 feat: async reverse proxy 2024-01-05 01:25:34 -08:00
ThatOneCalculator
699fbefb8a
chore: 🎨 format 2024-01-04 20:05:19 -08:00
Timothy Jaeryang Baek
1a93191259
Merge branch 'main' into bun 2024-01-04 22:57:11 -05:00
Timothy J. Baek
c0b099da4f feat: openai frontend refac 2024-01-04 18:54:00 -08:00
Timothy J. Baek
17c66fde0f feat: openai compatible api support 2024-01-04 18:38:03 -08:00
Timothy J. Baek
5e4dc98f44 feat: openai backend support 2024-01-04 16:49:34 -08:00
ThatOneCalculator
05fade1426
chore: 🎨 format backend 2024-01-04 13:30:47 -08:00
ThatOneCalculator
8480a9b418
Merge branch 'main' into bun 2024-01-04 13:30:30 -08:00
Timothy J. Baek
30aff2db53 feat: enable backend ollama url update 2024-01-04 13:06:31 -08:00
ThatOneCalculator
07cc7f15d5
chore: 🚨 lint and format 2024-01-03 14:33:57 -08:00
Timothy J. Baek
7fc1d7c2c7 feat: prompt crud 2024-01-02 21:35:47 -08:00
Timothy J. Baek
69ff596045 feat: prompts backend frontend integration 2024-01-02 21:00:50 -08:00
Timothy J. Baek
247414743b feat: prompts backend support 2024-01-02 20:51:19 -08:00
Timothy J. Baek
22c210e8f6 feat: custom prompt support 2024-01-02 20:41:37 -08:00
Timothy J. Baek
09e1458d59 fix: default models value should be None 2024-01-02 16:48:49 -08:00
Timothy J. Baek
7bc0c09b25 fix: openai issue 2024-01-02 16:48:10 -08:00
Timothy J. Baek
d8754b4486 feat/fix: email format validation 2024-01-02 16:22:48 -08:00
Timothy J. Baek
bb5bf3964e feat: toggle signup enable from admin panel 2024-01-01 12:32:28 -08:00
Anuraag Jain
77323d9b25 refac: remove the verify_token and use get-current user for auth+user 2024-01-01 10:55:50 +02:00