python · open-webui · Critical
open-webui SafePlaywrightURLLoader SSRF via Redirect Bypass
SafePlaywrightURLLoader validates only the initial URL, not redirect targets.
What changed
SafePlaywrightURLLoader validates only the initial URL, not redirect targets. Because the redirected request is never re-checked, an attacker can bypass the SSRF protection with an HTTP redirect to an internal service, even when ENABLE_RAG_LOCAL_WEB_FETCH is False.
Who it affects
Users of Open WebUI with RAG_WEB_LOADER_ENGINE=playwright, regardless of ENABLE_RAG_LOCAL_WEB_FETCH setting.
What to do today
Apply the recommended patch: register a request interceptor with Playwright's page.route that validates every request, including redirect targets, against the same SSRF policy applied to the initial URL; or disable the Playwright loader engine until a patched version is installed.
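The interceptor approach from "What to do today", as an added example that is not Open WebUI's own code: a stdlib URL check that resolves the host and rejects any non-global address, wired into a Playwright page.route handler so that each redirect hop is validated, not just the URL handed to page.goto. The `page` argument is assumed to be a Playwright async `Page`, and the `allow_local` flag stands in for ENABLE_RAG_LOCAL_WEB_FETCH.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Assumption (not from the advisory): ENABLE_RAG_LOCAL_WEB_FETCH is mapped
# onto the allow_local flag used below.


def _addresses_for(host: str) -> list:
    """Return the IP addresses a host name or address literal resolves to."""
    try:
        return [ipaddress.ip_address(host)]  # literal address: no DNS lookup needed
    except ValueError:
        pass
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_safe_url(url: str, allow_local: bool = False) -> bool:
    """True only if the URL is http(s) and every resolved address is globally routable."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    if allow_local:
        return True
    addresses = _addresses_for(parsed.hostname)
    # Fail closed: an unresolvable host or any loopback/private/link-local
    # address (is_global is False) blocks the request.
    return bool(addresses) and all(ip.is_global for ip in addresses)


async def install_request_guard(page, allow_local: bool = False) -> None:
    """Hook page.route so every request the page issues is validated.

    Checking only the URL passed to page.goto() misses the request the browser
    issues after a 3xx response; routing each request through is_safe_url
    aborts a redirect to an internal address instead of following it.
    """

    async def guard(route, request):
        if is_safe_url(request.url, allow_local):
            await route.continue_()
        else:
            await route.abort("blockedbyclient")

    await page.route("**/*", guard)
```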