mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-01 20:01:35 +00:00
Resolve the allowlist-derived appsEnabled value when creating app-level connections in ConnectionsRepository so a tenant/role/user override that toggles apps is honored instead of the boot YAML default. Gate ui:// resources embedded in tool results on the same per-request setting so a disabled scope renders them as plain resource text rather than a sandboxed app, resolving appsEnabled lazily only when a result actually carries a renderable UI resource. Fail closed in canonicalizeUri when a URI does not stabilize within the decode cap so traversal encoded more deeply than the cap cannot satisfy a template guard a fully-decoding server resolves as a parent-directory path. |
||
|---|---|---|
| .. | ||
| api | ||
| client | ||
| data-provider | ||
| data-schemas | ||