* fix: include API key in CORS proxy requests for MCP connections
When llama-server is started with --api-key-file and --webui-mcp-proxy,
the /cors-proxy endpoint requires authentication. The WebUI was not
including the Authorization header in proxy requests, causing MCP
connections to fail with 401.
Inject getAuthHeaders() into requestInit when useProxy is true so the
proxy request carries the Bearer token alongside the forwarded target
headers.
Fixes #21167
* fix: simplify headers assignment based on reviewer suggestion
Apply buildProxiedHeaders only when useProxy is true, pass headers
directly to the transport otherwise.
import {
buildProxiedUrl,
buildProxiedHeaders,
+ getAuthHeaders,
throwIfAborted,
isAbortError,
createBase64DataUrl
const requestInit: RequestInit = {};
if (config.headers) {
- requestInit.headers = buildProxiedHeaders(config.headers);
+ requestInit.headers = config.useProxy ? buildProxiedHeaders(config.headers) : config.headers;
+ }
+
+ if (useProxy) {
+ requestInit.headers = {
+ ...getAuthHeaders(),
+ ...(requestInit.headers as Record<string, string>)
+ };
}
if (config.credentials) {
overview / pkg / ggml / sources / llama.cpp / commitdiff