[GH-ISSUE #1382] [BUG]: Embed API Improvements #882

Closed
opened 2026-02-22 18:22:00 -05:00 by yindo · 4 comments
Owner

Originally created by @chalitbkb on GitHub (May 13, 2024).
Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/1382

Originally assigned to: @shatfield4 on GitHub.

How are you running AnythingLLM?

All versions

What happened?

The API is unsafe when I use the 'embed' feature on my website. I can intercept all API requests, which I can then exploit anywhere. This needs to be fixed urgently. Even the 'sessionId' can be altered to bypass the existing limitations on the number of requests per session.

image

Are there known steps to reproduce?

No response

Originally created by @chalitbkb on GitHub (May 13, 2024). Original GitHub issue: https://github.com/Mintplex-Labs/anything-llm/issues/1382 Originally assigned to: @shatfield4 on GitHub. ### How are you running AnythingLLM? All versions ### What happened? The API is unsafe when I use the 'embed' feature on my website. I can intercept all API requests, which I can then exploit anywhere. This needs to be fixed urgently. Even the 'sessionId' can be altered to bypass the existing limitations on the number of requests per session. ![image](https://github.com/Mintplex-Labs/anything-llm/assets/32437546/b57f7be0-8c5a-4711-a62e-a34eb93c44ec) ### Are there known steps to reproduce? _No response_
yindo added the enhancementcore-team-only labels 2026-02-22 18:22:00 -05:00
yindo closed this issue 2026-02-22 18:22:00 -05:00
Author
Owner

@timothycarambat commented on GitHub (May 13, 2024):

The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id.

@timothycarambat commented on GitHub (May 13, 2024): The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id.
Author
Owner

@chalitbkb commented on GitHub (May 13, 2024):

The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id.

I understand what you mean, but why can I intercept API requests and use them elsewhere? For example, I capture the URL endpoint, headers, and body to create a backend with Node.js. Then I try sending a POST request. It can send the request, but from a security standard perspective, this shouldn't be the case. You should encrypt the data using something like the 'crypto-js module' or similar before sending the request to prevent unauthorized use elsewhere.

I believe that if I were to examine the chatbox of others using the 'anything-llm' service, I am confident that I could intercept their requests and then use them elsewhere, which means I could send unlimited requests anywhere.

@chalitbkb commented on GitHub (May 13, 2024): > The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id. I understand what you mean, but why can I intercept API requests and use them elsewhere? For example, I capture the URL endpoint, headers, and body to create a backend with Node.js. Then I try sending a POST request. It can send the request, but from a security standard perspective, this shouldn't be the case. You should encrypt the data using something like the 'crypto-js module' or similar before sending the request to prevent unauthorized use elsewhere. I believe that if I were to examine the chatbox of others using the 'anything-llm' service, I am confident that I could intercept their requests and then use them elsewhere, which means I could send unlimited requests anywhere.
Author
Owner

@timothycarambat commented on GitHub (May 13, 2024):

This would just be CORS blocking from the Origin header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security

I dont disagree with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this? https://github.com/Mintplex-Labs/anything-llm/blob/2fabc845789fb60f078c092fb6b5bd6aed1c3475/server/utils/middleware/embedMiddleware.js#L65

It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust since all of these client side things can be spoofed? I think that could be a good improvement though?

@timothycarambat commented on GitHub (May 13, 2024): This would just be CORS blocking from the `Origin` header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security I **dont disagree** with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this? https://github.com/Mintplex-Labs/anything-llm/blob/2fabc845789fb60f078c092fb6b5bd6aed1c3475/server/utils/middleware/embedMiddleware.js#L65 It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust since all of these client side things can be spoofed? I think that could be a good improvement though?
Author
Owner

@chalitbkb commented on GitHub (May 13, 2024):

This would just be CORS blocking from the Origin header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security

I dont disagree with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this? https://github.com/Mintplex-Labs/anything-llm/blob/2fabc845789fb60f078c092fb6b5bd6aed1c3475/server/utils/middleware/embedMiddleware.js#L65

It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust since all of these client side things can be spoofed? I think that could be a good improvement though?

Yes, sir, you understand correctly just as you thought.

@chalitbkb commented on GitHub (May 13, 2024): > This would just be CORS blocking from the `Origin` header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security > > > > I **dont disagree** with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this? https://github.com/Mintplex-Labs/anything-llm/blob/2fabc845789fb60f078c092fb6b5bd6aed1c3475/server/utils/middleware/embedMiddleware.js#L65 > > > > It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust since all of these client side things can be spoofed? I think that could be a good improvement though? Yes, sir, you understand correctly just as you thought.
yindo changed title from [BUG]: Embed API Improvements to [GH-ISSUE #1382] [BUG]: Embed API Improvements 2026-06-05 14:37:43 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#882