phoenix/litellm-mirror
0
0
Fork 1
mirror of https://github.com/BerriAI/litellm.git synced 2025-04-25 18:54:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Remove user_id from url (#10192)

Browse source 
* fix(user_dashboard.tsx): initial commit using user id from jwt instead of url

* fix(proxy_server.py): remove user id from url

fixes security issue around sharing url's

* fix(user_dashboard.tsx): handle user id being null
This commit is contained in:
Krish Dholakia 2025-04-21 16:22:57 -07:00 committed by GitHub
parent ca3649e6fb
commit 58cb6be9e7
6 changed files with 41 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

4
litellm/proxy/proxy_server.py
View file

@ -6815,7 +6815,7 @@ async def login(request: Request): # noqa: PLR0915
master_key,
algorithm="HS256",
)
litellm_dashboard_ui += "?userID=" + user_id
litellm_dashboard_ui += "?login=success"
redirect_response = RedirectResponse(url=litellm_dashboard_ui, status_code=303)
redirect_response.set_cookie(key="token", value=jwt_token)
return redirect_response
@ -6891,7 +6891,7 @@ async def login(request: Request): # noqa: PLR0915
master_key,
algorithm="HS256",
)
litellm_dashboard_ui += "?userID=" + user_id
litellm_dashboard_ui += "?login=success"
redirect_response = RedirectResponse(
url=litellm_dashboard_ui, status_code=303
)