mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-05-13 07:46:47 +00:00
630cb59e3b
When an admin configures a custom endpoint with `baseURL: 'user_provided'`, each end user supplies their own base URL via the UI. Without validation, a user can point that URL at internal services (cloud metadata endpoints, intranet APIs, etc.), causing the backend to issue requests to those addresses on every model-listing fetch. Add `interface.blockPrivateUserBaseURL` (default `false` to preserve current behavior). When enabled, the `/api/keys` PUT handler parses the encrypted user-key payload and rejects values whose `baseURL` fails an http(s) protocol check or resolves to a private, loopback, or link-local IP. Operators running self-hosted LLMs on private IPs can leave the flag off; multi-tenant deployments should turn it on. This is save-time validation; runtime fetch sites should additionally adopt SSRF-safe agents (defense in depth). |
||
|---|---|---|
| .. | ||
| app | ||
| cache | ||
| config | ||
| db | ||
| models | ||
| server | ||
| strategies | ||
| test | ||
| utils | ||
| jest.config.js | ||
| jsconfig.json | ||
| package.json | ||
| typedefs.js | ||