Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misc. bug: since 235f6e1 llama-server's main.js overwrites Authorization header so Web UI fails behind authenticating reverse proxy #10854

Closed
vesath opened this issue Dec 16, 2024 · 1 comment · Fixed by #10878
Closed

Misc. bug: since 235f6e1 llama-server's main.js overwrites Authorization header so Web UI fails behind authenticating reverse proxy #10854

vesath opened this issue Dec 16, 2024 · 1 comment · Fixed by #10878
Labels
bug-unconfirmed

Comments

@vesath
Copy link
Contributor

vesath commented Dec 16, 2024

Name and Version

$ ./llama.cpp/build/bin/llama-cli --version
version: 4336 (08ea539)
built with cc (GCC) 14.2.1 20240910 for x86_64-pc-linux-gnu

Operating systems

Linux

Which llama.cpp modules do you know to be affected?

llama-server

Problem description & steps to reproduce

I am running llama-server behind Caddy as an authenticating reverse proxy. Once authenticated, all requests should keep sending the "Authorization: Basic TOKEN" header. This was the case before commit 235f6e1.

Since commit 235f6e1, that Authorization header is only sent for the initial connection to "/" and not for subsequent completion requests. Instead, it gets overwritten with "Authorization: undefined".

The symptom is that all completion requests fail. The never reach the server. See the screenshots below. The main difference is at the bottom right under "Request headers" (Authorization).

1a31d0d-good
235f6e1-bad
symptom

I understand that 235f6e1 uses a new kind of completion requests which I'm not too familiar with. Please let me know if there's any further information I can provide to help diagnose this issue.

Cheers.

First Bad Commit

235f6e1

Relevant log output

No response
@vesath
Copy link
Contributor Author

vesath commented Dec 17, 2024

Here's a patch which I believe solves the issue.

diff --git a/examples/server/webui/src/main.js b/examples/server/webui/src/main.js
index 441fd735..4667630d 100644
--- a/examples/server/webui/src/main.js
+++ b/examples/server/webui/src/main.js
@@ -442,7 +442,7 @@ const mainApp = createApp({
           method: 'POST',
           headers: {
             'Content-Type': 'application/json',
-            'Authorization': this.config.apiKey ? `Bearer ${this.config.apiKey}` : undefined,
+            ...(this.config.apiKey ? {'Authorization': `Bearer ${this.config.apiKey}`} : {})
           },
           body: JSON.stringify(params),
           signal: abortController.signal,

(And examples/server/public/index.html.gz should be regenerated accordingly.)

vesath added a commit to vesath/llama.cpp that referenced this issue Dec 17, 2024
@vesath
server: avoid overwriting Authorization header
3bda5c9 
If no API key is set, leave the Authorization header as is. It may be
used by another part of the Web stack, such as an authenticating proxy.

Fixes ggerganov#10854
@vesath vesath mentioned this issue Dec 17, 2024
Closed
vesath added a commit to vesath/llama.cpp that referenced this issue Dec 17, 2024
@vesath
server: avoid overwriting Authorization header
7d4f347 
If no API key is set, leave the Authorization header as is. It may be
used by another part of the Web stack, such as an authenticating proxy.

Fixes ggerganov#10854
@vesath vesath mentioned this issue Dec 17, 2024
Closed
vesath added a commit to vesath/llama.cpp that referenced this issue Dec 18, 2024
@vesath
server: avoid overwriting Authorization header
bfa0298 
If no API key is set, leave the Authorization header as is. It may be
used by another part of the Web stack, such as an authenticating proxy.

Fixes ggerganov#10854
@vesath vesath mentioned this issue Dec 18, 2024
Merged
@ngxson ngxson closed this as completed in 7bbb5ac Dec 18, 2024
arthw pushed a commit to arthw/llama.cpp that referenced this issue Dec 20, 2024
@vesath @ngxson @arthw
server: avoid overwriting Authorization header (ggerganov#10878)
80b3fb9 
* server: avoid overwriting Authorization header

If no API key is set, leave the Authorization header as is. It may be
used by another part of the Web stack, such as an authenticating proxy.

Fixes ggerganov#10854

* rebuild

---------

Co-authored-by: Xuan Son Nguyen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug-unconfirmed
Projects
None yet
Milestone
No milestone
1 participant
@vesath