ars/iiEsaywebUIapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update README with custom headers and endpoint allowlist details

Browse Source 
- Clarified the usage of custom headers during login, linking to the new Endpoint Allowlist section for reverse proxy whitelisting.
- Added a new section on Endpoint Allowlist for custom authentication, detailing necessary path prefixes for SSO and reverse proxy configurations.
- Included specific paths that need to be whitelisted for successful login and streaming flows.
This commit is contained in:
cogwheel0
2025-10-09 00:58:13 +05:30
parent 052a68e3b6
commit 10658d076a
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@@ -74,7 +74,7 @@ flutter run -d ios # or: -d android
Conduit supports multiple authentication flows when connecting to your OpenWebUI:
- **Username + Password**: Sign in directly against servers that expose a login endpoint. Credentials are stored securely using platform keychains.
- **API Key**: Paste a serverissued API token for stateless auth.
- **Custom Headers**: Add headers during login (e.g., `X-API-Key`, `Authorization`, `X-Org`, or selfhosted SSO headers) that Conduit will include on all HTTP/WebSocket requests.
- **Custom Headers**: Add headers during login (e.g., `X-API-Key`, `Authorization`, `X-Org`, or selfhosted SSO headers) that Conduit will include on all HTTP/WebSocket requests (see [Endpoint Allowlist](#endpoint-allowlist-custom-auth) for reverse proxy whitelisting).
## Screenshots
@@ -220,6 +220,19 @@ flutter pub run build_runner build --delete-conflicting-outputs
- No analytics or telemetry are collected.
- Network calls are only made to your configured OpenWebUI server.
### Endpoint Allowlist (Custom Auth)
If you protect OpenWebUI with SSO or a reverse proxy (Authlia, Authentik,
etc.), whitelist these path prefixes so Conduit can complete login, sync, and
streaming flows. Paths are relative to your server base URL; replace tokens like
`{chatId}` with actual identifiers.
- `/health`
- `/api/*`
WebSocket connections use the Socket.IO handshake on `/ws/socket.io`. Ensure the
same headers (or allowlist rules) apply there as well.
## License
This project is licensed under the GPL3 License - see the LICENSE file for details.