Feature: Support custom HTTP headers for server connections in Desktop app

[gander]

Problem Description

The app does not currently support configuring custom HTTP headers for server connections. This feature is available in the Android app, where custom headers can be set per connection.

Without this capability, users who host their Open WebUI instance behind a firewall or reverse proxy that requires authentication via custom headers (e.g., X-Auth-Token, Authorization, CF-Access-Client-Id) cannot connect from the Desktop app.

Expected Behavior

Users should be able to define custom HTTP headers per server connection in the Desktop app's connection settings UI. These headers should be included in every request sent to the configured server - matching the behavior already available in the Android app.

Actual Behavior

The connection settings in the Desktop app only allow configuring the server URL. There is no option to add custom headers. As a result, instances protected by header-based authentication or firewall rules are unreachable.

Additional Information

• Version: 0.0.9
• OS: Ubuntu 24

[icsy7867]

I came here looking for a solution here. Though I am not familiar with the android app. But I am a little confused by the setup you are describing.

I am using oauth2-proxy in front of open-webui currently. But I am confused on what you are suggesting. In my setup, there is no key/value that I can put into a request that could possibly make it to open-webui. And you are reffering to:
https://docs.openwebui.com/features/authentication-access/auth/sso/#trusted-header ?

Perhaps you are somehow generating a token for open-webui and then using a secure token for auth? Or maybe I am not understanding how you are handling auth.

With oauth2-proxy, I have to login via OIDC, and IFF that is successful, oauth2-proxy sends my trusted headers (Username and email address). If I try to submit one of these headers, oauth2-proxy will just clear them and set them post authentication. Once this occurs successfully, I believe open-webui sends an authorization cookie that is then used for authentication.

At least in my scenario, the desktop app would still need to issue some sort of cookie or something for authentication? Or perhaps the desktop app uses a different authentication mechanism post login? But assuming there is a separate login process for this, the desktop app would need to be notified I think.

Sorry not trying to knock your post, it is extremely relevant to my needs as well! I think I want/need the same thing, or something similar.

[icsy7867]

I am not able to test this header implementation. But I did give it a whirl:
#217 (comment)

For any sort of proxy based auth I think this should work. I treaked the code (I mean codex did... lets be honest) so that there is an OPTION for the auth to happen in a separate electron window. This allows any authentication cookies to be cached and used just like a normal browser.

[gander]

Just to clarify my earlier comment - I was comparing the wrong apps. The mobile client I was referring to is Conduit, a third-party native Open WebUI client for iOS/Android (Flutter, GPL-3.0), not the official Open WebUI Android app.

Conduit explicitly supports custom headers per connection (e.g. CF-Access-Client-Id / CF-Access-Client-Secret for Cloudflare Zero Trust service tokens), which is exactly what I need - my instance runs on a private VPS behind Cloudflare Zero Trust with a service token protecting the API.

The point still stands though: it would be great if the Desktop app supported the same - just a key/value header list in the connection settings, the same way Conduit does it on mobile.