1 year ago · c2e8af5ed1
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file.
 
				 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
			
 
				 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
			
 
				 
			
 
				+## [0.3.4] - 2024-06-12
			
 
				+
			
 
				+### Fixed
			
 
				+
			
 
				+- **🔒 Mixed Content with HTTPS Issue**: Resolved a problem where mixed content (HTTP and HTTPS) was causing security warnings and blocking resources on HTTPS sites.
			
 
				+- **🔍 Web Search Issue**: Addressed the problem where web search functionality was not working correctly. The `ENABLE_RAG_LOCAL_WEB_FETCH` option has been reintroduced to restore proper web searching capabilities.
			
 
				+- **💾 RAG Template Not Being Saved**: Fixed an issue where the RAG template was not being saved correctly, ensuring your custom templates are now preserved as expected.
			
 
				+
			
 
				 ## [0.3.3] - 2024-06-12
			
 
				 
			
 
				 ### Added
			
--- a/backend/apps/rag/main.py
+++ b/backend/apps/rag/main.py
@@ -717,13 +717,18 @@ def validate_url(url: Union[str, Sequence[str]]):
 
				         if isinstance(validators.url(url), validators.ValidationError):
			
 
				             raise ValueError(ERROR_MESSAGES.INVALID_URL)
			
 
				         if not ENABLE_RAG_LOCAL_WEB_FETCH:
			
 
				-            # Check if the URL exists by making a HEAD request
			
 
				-            try:
			
 
				-                response = requests.head(url, allow_redirects=True)
			
 
				-                if response.status_code != 200:
			
 
				+            # Local web fetch is disabled, filter out any URLs that resolve to private IP addresses
			
 
				+            parsed_url = urllib.parse.urlparse(url)
			
 
				+            # Get IPv4 and IPv6 addresses
			
 
				+            ipv4_addresses, ipv6_addresses = resolve_hostname(parsed_url.hostname)
			
 
				+            # Check if any of the resolved addresses are private
			
 
				+            # This is technically still vulnerable to DNS rebinding attacks, as we don't control WebBaseLoader
			
 
				+            for ip in ipv4_addresses:
			
 
				+                if validators.ipv4(ip, private=True):
			
 
				+                    raise ValueError(ERROR_MESSAGES.INVALID_URL)
			
 
				+            for ip in ipv6_addresses:
			
 
				+                if validators.ipv6(ip, private=True):
			
 
				                     raise ValueError(ERROR_MESSAGES.INVALID_URL)
			
 
				-            except requests.exceptions.RequestException:
			
 
				-                raise ValueError(ERROR_MESSAGES.INVALID_URL)
			
 
				         return True
			
 
				     elif isinstance(url, Sequence):
			
 
				         return all(validate_url(u) for u in url)
			
@@ -731,6 +736,17 @@ def validate_url(url: Union[str, Sequence[str]]):
 
				         return False
			
 
				 
			
 
				 
			
 
				+def resolve_hostname(hostname):
			
 
				+    # Get address information
			
 
				+    addr_info = socket.getaddrinfo(hostname, None)
			
 
				+
			
 
				+    # Extract IP addresses from address information
			
 
				+    ipv4_addresses = [info[4][0] for info in addr_info if info[0] == socket.AF_INET]
			
 
				+    ipv6_addresses = [info[4][0] for info in addr_info if info[0] == socket.AF_INET6]
			
 
				+
			
 
				+    return ipv4_addresses, ipv6_addresses
			
 
				+
			
 
				+
			
 
				 def search_web(engine: str, query: str) -> list[SearchResult]:
			
 
				     """Search the web using a search engine and return the results as a list of SearchResult objects.
			
 
				     Will look for a search engine API key in environment variables in the following order:
			
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 
				 {
			
 
				 	"name": "open-webui",
			
 
				-	"version": "0.3.3",
			
 
				+	"version": "0.3.4",
			
 
				 	"lockfileVersion": 3,
			
 
				 	"requires": true,
			
 
				 	"packages": {
			
 
				 		"": {
			
 
				 			"name": "open-webui",
			
 
				-			"version": "0.3.3",
			
 
				+			"version": "0.3.4",
			
 
				 			"dependencies": {
			
 
				 				"@codemirror/lang-javascript": "^6.2.2",
			
 
				 				"@codemirror/lang-python": "^6.1.6",
			
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 
				 {
			
 
				 	"name": "open-webui",
			
 
				-	"version": "0.3.3",
			
 
				+	"version": "0.3.4",
			
 
				 	"private": true,
			
 
				 	"scripts": {
			
 
				 		"dev": "npm run pyodide:fetch && vite dev --host",
			
--- a/src/app.html
+++ b/src/app.html
@@ -121,7 +121,7 @@
 
				 						id="progress-bar"
			
 
				 						style="
			
 
				 							position: absolute;
			
 
				-							width: 100%;
			
 
				+							width: 0%;
			
 
				 							height: 0.75rem;
			
 
				 							border-radius: 9999px;
			
 
				 							background-color: #fff;
			
--- a/src/lib/apis/tools/index.ts
+++ b/src/lib/apis/tools/index.ts
@@ -34,7 +34,7 @@ export const createNewTool = async (token: string, tool: object) => {
 
				 export const getTools = async (token: string = '') => {
			
 
				 	let error = null;
			
 
				 
			
 
				-	const res = await fetch(`${WEBUI_API_BASE_URL}/tools`, {
			
 
				+	const res = await fetch(`${WEBUI_API_BASE_URL}/tools/`, {
			
 
				 		method: 'GET',
			
 
				 		headers: {
			
 
				 			Accept: 'application/json',
			
--- a/src/lib/components/admin/Settings/Documents.svelte
+++ b/src/lib/components/admin/Settings/Documents.svelte
@@ -166,6 +166,8 @@
 
				 				chunk_size: chunkSize
			
 
				 			}
			
 
				 		});
			
 
				+
			
 
				+		await updateQuerySettings(localStorage.token, querySettings);
			
 
				 	};
			
 
				 
			
 
				 	const setEmbeddingConfig = async () => {