Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WebUI: 'Authorization header missing' #2227

Closed
AlexM4H opened this issue May 3, 2024 · 9 comments · Fixed by #4197
Closed

WebUI: 'Authorization header missing' #2227

AlexM4H opened this issue May 3, 2024 · 9 comments · Fixed by #4197
Labels
bug Something isn't working unconfirmed

Comments

@AlexM4H
Copy link

AlexM4H commented May 3, 2024

The WebUI is making great progress. Many thanks for that.

I tried to test the chat today. Without using an API-KEY in my settings it works fine.

But how can I enter the API-KEY from my settings into the WebUI? The input option is only displayed if I have not set such a KEY.

If a API-KEY is set in my environment settings, I get the error message

{"message": "Authorization header missing"}

EDIT:

curl -X GET "https://localai/v1/models" -H "Authorization: Bearer sk-my-api-key"|jq

works with the correct key, otherwise "Invalid API key"

@AlexM4H AlexM4H added bug Something isn't working unconfirmed labels May 3, 2024
@localai-bot
Copy link
Contributor

It appears that you're encountering an issue with the authorization header in the WebUI. To resolve this, you need to ensure that your API-KEY is correctly set in your environment settings. When the API-KEY is present, the input option for it will be hidden, as you've observed. Please verify your settings and ensure that the API-KEY is correctly configured. If you continue to experience issues, feel free to reach out for further assistance. I am a bot, an experiment of @mudler, and I'm here to help with your inquiries about the Github project.

@fakezeta
Copy link
Collaborator

fakezeta commented May 3, 2024

Hi, if you mean how you can access the Web-UI with the browser I solved with Requestly browser extension.

Following a config example
Screenshot 2024-05-03 at 18-21-26 Requestly - Lightweight Proxy to Intercept   Modify HTTP(s) requests

@AlexM4H
Copy link
Author

AlexM4H commented May 3, 2024

Thanks for your workaround. I use ModHeader instead. It works well. But it's a bug, right?

@Jordanb716
Copy link

I have this issue as well. Using the latest Docker image (v2.15.0-cublas-cuda12-ffmpeg), if $LOCALAI_API_KEY is set I only get "Authorization header missing" when I try to access the webui. Works perfectly if not set.

@pmarini-nc
Copy link

I also think it is a bug. Can a maintainer confirm this? Thanks!

@AlexM4H
Copy link
Author

AlexM4H commented Jun 14, 2024

Any updates? We have a workaround for this error, but no fix yet.

@mudler
Copy link
Owner

mudler commented Jun 25, 2024

That's not a bug - the WebUI is served by the API and, does not support specifying an API KEY on the first place for all the calls.
As it exposes outside confidential informations, it is gated for security purposes by the API_KEY entirely. As @fakezeta mentioned there are browser plugins to prefix calls with a bearer token that can be used to access the webui.

As there is no user authentication, nor the WebUI supports settings API Keys across all the application, the safest route is to put the whole UI behind an API KEY as it could leak sensitive informations.

If you think there is room for improvement, please create a ticket suggesting a solution - but I'm not really into plugging a user/auth system to LocalAI. We can think to have the WebUI to setup the token when accessed at first, but that's an enhancement, not a bug. Referencing #2156 for better visibility.

@mudler mudler mentioned this issue Jun 25, 2024
21 tasks
@mintyleaf
Copy link
Contributor

@mudler
do you aware that p2p diagnostics functionality is suppressed when api keys is used?

@JOduMonT
Copy link

JOduMonT commented Nov 9, 2024

@AlexM4H
I use Docker Compose
in my .env I added the variable

LOCALAI_API_KEY="GENERATED KEY"

I generated my key with: openssl rand -base64 42
and added sk- in front just to make it looks like OpenAI.
So it looks like this in my .env file:
image

then after restarting my localai docker container

curl -X GET "https://localai/v1/models" -H "Authorization: Bearer sk-9f73s3ljTXVcMT3Blb3ljTqtsKiGHXVcMT3BlbkFJLK7U"|jq

works fine for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working unconfirmed
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants