Skip to content

Commit a4c3f5e

Browse files
RobertCraigieRobertCraigie
committed
allow ephemeral API keys without dangerouslyAllowBrowser: true
1 parent 9aecb84 commit a4c3f5e

File tree

2 files changed

+8
-13
lines changed

2 files changed

+8
-13
lines changed

examples/realtime/websocket.ts

Lines changed: 0 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -6,13 +6,6 @@ async function main() {
66
// access the underlying `ws.WebSocket` instance
77
rt.socket.addEventListener('open', () => {
88
console.log('Connection opened!');
9-
rt.send({
10-
type: 'session.update',
11-
session: {
12-
modalities: ['foo'] as any,
13-
model: 'gpt-4o-realtime-preview',
14-
},
15-
});
169
rt.send({
1710
type: 'session.update',
1811
session: {

src/beta/realtime/websocket.ts

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -31,16 +31,18 @@ export class OpenAIRealtimeWebSocket extends OpenAIRealtimeEmitter {
3131
) {
3232
super();
3333

34-
if (
35-
!(props.dangerouslyAllowBrowser || (client as any)?._options?.dangerouslyAllowBrowser) &&
36-
Core.isRunningInBrowser()
37-
) {
34+
const dangerouslyAllowBrowser =
35+
props.dangerouslyAllowBrowser ??
36+
(client as any)?._options?.dangerouslyAllowBrowser ??
37+
(client?.apiKey.startsWith('ek_') ? true : null);
38+
39+
if (!dangerouslyAllowBrowser && Core.isRunningInBrowser()) {
3840
throw new OpenAIError(
39-
"It looks like you're running in a browser-like environment.\n\nThis is disabled by default, as it risks exposing your secret API credentials to attackers.\nIf you understand the risks and have appropriate mitigations in place,\nyou can set the `dangerouslyAllowBrowser` option to `true`, e.g.,\n\nnew OpenAIRealtimeWeb({ model, dangerouslyAllowBrowser: true });\n\nhttps://help.openai.com/en/articles/5112595-best-practices-for-api-key-safety\n",
41+
"It looks like you're running in a browser-like environment.\n\nThis is disabled by default, as it risks exposing your secret API credentials to attackers.\n\nYou can avoid this error by creating an ephemeral session token:\nhttps://platform.openai.com/docs/api-reference/realtime-sessions\n",
4042
);
4143
}
4244

43-
client ??= new OpenAI({ dangerouslyAllowBrowser: props.dangerouslyAllowBrowser });
45+
client ??= new OpenAI({ dangerouslyAllowBrowser });
4446

4547
this.url = buildRealtimeURL({ baseURL: client.baseURL, model: props.model });
4648
// @ts-ignore

0 commit comments

Comments
 (0)