fix: pre-release blockers (redirect guards, FREE_ONLY shim, version, docs)

Final pre-release hardening for v1.6.1, found by a multi-agent audit:

Security:
- Add allow_redirects=False to all four OpenRouter HTTP calls (/models,
  /chat/completions, provider-registry fetch, ZDR /endpoints/zdr fetch).
  v1.3-1.6 added two new GETs that lacked the guard; with requests>=2.32.4
  this closes the Authorization-header redirect-leak class (CVE-2024-35195).

Changed:
- FREE_MODEL_FILTER default now honours the legacy OPENROUTER_FREE_ONLY=true
  env var (maps to "only") so upgrades from the FREE_ONLY era don't silently
  return paid models.

Fixed:
- function.json version 1.6.0 -> 1.6.1 (matched the code) + updated_at bump.
- Docs: replace all FREE_ONLY references in README/TESTING with
  FREE_MODEL_FILTER, add a migration note, add the missing SHOW_COST_INFO /
  COST_CURRENCY valves to the config table, expand the Features list (ZDR,
  tool-calling filter, provider preferences), and correct test counts (557
  unit / 44 integration).

Test suite: 557 passing; mypy + pyflakes clean.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Author: sena-labs

CHANGELOG.md

@@ -7,6 +7,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Security
+
+- **No redirect following on any OpenRouter call** — `allow_redirects=False` is now passed to all four HTTP requests (`/models`, `/chat/completions`, the provider-registry fetch, and the ZDR `/endpoints/zdr` fetch). Combined with the `requests>=2.32.4` floor, this prevents the `Authorization: Bearer` header from being forwarded to a redirect target (CVE-2024-35195 family) if the base URL is misconfigured
+
+### Changed
+
+- **`FREE_MODEL_FILTER` honours the legacy `OPENROUTER_FREE_ONLY` env var** — when `OPENROUTER_FREE_MODEL_FILTER` is unset, `OPENROUTER_FREE_ONLY=true` now maps to `only`, so installs upgrading from the pre-1.5 `FREE_ONLY` era don't silently start returning paid models
+
+### Fixed
+
+- **Version metadata** — `function.json` reported `1.6.0` while the code was `1.6.1`; bumped the manifest version (and `updated_at`) to match
+- **Docs: `FREE_ONLY` → `FREE_MODEL_FILTER`** — README and TESTING.md still referenced the removed `FREE_ONLY` valve; updated all references, added a migration note, documented the missing `SHOW_COST_INFO` / `COST_CURRENCY` valves, and corrected the test counts
+
 ## [1.6.1] — 2026-05-08
 
 ### Fixed

README.md

@@ -66,8 +66,12 @@ cache control out of the box.
 - **Cache control** — Anthropic-style `cache_control` injection on the longest message chunk.
 - **Citations** — `[n]` references from web-search-enabled models are converted to markdown links.
 - **Provider icons** — 13 hardcoded fast-path logos plus auto-discovered icons for ~20 more providers (xAI, Inflection, NVIDIA, Arcee, Morph, Cerebras, …) lazy-loaded from OpenRouter's provider registry, all synced directly into Open WebUI's model database.
-- **Retry logic** — exponential backoff with jitter on timeout and connection errors.
-- **FREE_ONLY mode** — filter to show only free-tier models (`:free` suffix or `0/0` pricing).
+- **ZDR (Zero Data Retention)** — filter the catalog to ZDR-capable models (`ZDR_MODELS_ONLY`) and/or enforce ZDR per request (`ZDR_ENFORCE`).
+- **Tool-calling filter** — show all / only / exclude tool-capable models (`TOOL_CALLING_FILTER`).
+- **Provider preferences** — `PROVIDER_ONLY` allowlist, `PROVIDER_QUANTIZATIONS`, `PROVIDER_ALLOW_FALLBACKS`, and `PROVIDER_MAX_PRICE_PROMPT/COMPLETION` price caps.
+- **Free-tier filter** — `FREE_MODEL_FILTER` shows all / only / excludes free-tier models (`:free` suffix or `0/0` pricing).
+- **Retry logic** — exponential backoff with proportional jitter on timeout/connection errors and on HTTP 429/502/503/504 (honours `Retry-After`).
+- **Cost transparency** — `SHOW_COST_INFO` appends token usage + cost (currency configurable via `COST_CURRENCY`).
 - **Pre-flight validation** — invalid API keys are caught at model-fetch time, not after sending a message.
 
 ## Requirements
@@ -103,7 +107,7 @@ All OpenRouter models will appear in the model selector immediately.
 git clone https://github.com/sena-labs/Open-WebUI-Pipe-OpenRouter.git
 cd Open-WebUI-Pipe-OpenRouter
 pip install -r requirements.txt
-python test_pipe.py        # 431 tests — verify everything is green
+python test_pipe.py        # 557 tests — verify everything is green
 ```
 
 ## Usage
@@ -116,7 +120,7 @@ an environment variable fallback (see [Configuration](#configuration)).
 | Goal | Valves to set |
 | --- | --- |
 | Show only OpenAI and Anthropic models | `MODEL_PROVIDERS = openai,anthropic` |
-| Show only free models | `FREE_ONLY = true` |
+| Show only free models | `FREE_MODEL_FILTER = only` |
 | Use DeepSeek for reasoning | select `deepseek/deepseek-r1`, `INCLUDE_REASONING = true` |
 | Route cheapest provider first | `PROVIDER_SORT = price` |
 | Add a fallback model | `FALLBACK_MODELS = anthropic/claude-3.5-sonnet` |
@@ -213,6 +217,15 @@ Every valve accepts an environment variable fallback. The table below lists both
 | `MAX_RETRIES` | — | `2` | Auto-retry count on transient errors |
 | `HTTP_REFERER_OVERRIDE` | `OPENROUTER_HTTP_REFERER` | `""` | Override the `HTTP-Referer` header sent to OpenRouter (must include scheme). Empty falls back to `WEBUI_URL` |
 
+### Cost Display
+
+| Valve | Env Var | Default | Description |
+| --- | --- | --- | --- |
+| `SHOW_COST_INFO` | — | `false` | Append token usage and cost to each response (also requests `usage` so streaming responses include cost) |
+| `COST_CURRENCY` | `OPENROUTER_COST_CURRENCY` | `USD` | Currency label for the cost display (display only; OpenRouter bills in USD) |
+
+> **Migration (v1.5.0):** the old boolean `FREE_ONLY` valve was replaced by `FREE_MODEL_FILTER` (`all` / `only` / `exclude`). Set `FREE_MODEL_FILTER = only` to preserve the old `FREE_ONLY = true` behaviour. For backward compatibility, the legacy `OPENROUTER_FREE_ONLY=true` environment variable is still honoured when `FREE_MODEL_FILTER` is unset.
+
 ## Architecture
 
 The pipe implements the **Manifold** pattern: one pipe entry point that surfaces multiple models.
@@ -230,8 +243,8 @@ The pipe implements the **Manifold** pattern: one pipe entry point that surfaces
 Open-WebUI-Pipe-OpenRouter/
 ├── openrouter_pipe.py      # Main pipe source — install this in Open WebUI
 ├── function.json           # Open WebUI community manifest
-├── test_pipe.py            # Unit test suite (431 tests)
-├── integration_test.py     # Live API integration tests (43 assertions)
+├── test_pipe.py            # Unit test suite (557 tests)
+├── integration_test.py     # Live API integration tests (44 assertions)
 ├── TESTING.md              # Manual pre-release checklist
 ├── SECURITY.md             # Security policy
 ├── CONTRIBUTING.md         # Contribution guidelines
@@ -260,7 +273,7 @@ It also removes `user` when sent as a dict (Open WebUI format) since OpenRouter
 ## Development
 
 ```bash
-python test_pipe.py                       # Unit tests (431 tests)
+python test_pipe.py                       # Unit tests (557 tests)
 python integration_test.py               # Live API tests (requires OPENROUTER_API_KEY)
 ```
 
@@ -313,7 +326,7 @@ reasoning models can take over a minute for complex prompts.
 
 1. Verify your API key is valid (a single "error" model appears if it is not).
 2. If `MODEL_PROVIDERS` is set, confirm the provider names are lowercase: `openai`, `anthropic`, `google`.
-3. If `FREE_ONLY` is enabled, some providers may have no free models — try disabling it.
+3. If `FREE_MODEL_FILTER = only` is set, some providers may have no free models — set it back to `all`.
 4. Set `MODEL_PROVIDERS = ALL` to show the full catalog.
 
 ### Models load but chat returns errors
@@ -333,7 +346,7 @@ re-invokes the pipe with the updated thread. The pipe forwards the full message
 OpenRouter on each invocation. Whether a model can generate tool calls depends on
 OpenRouter's provider support for that model.
 
-**Q: Why does `FREE_ONLY` include models without a `:free` suffix?**
+**Q: Why does `FREE_MODEL_FILTER = only` include models without a `:free` suffix?**
 
 A: Some models are listed as free on OpenRouter without carrying a `:free` suffix in their
 ID. The pipe uses a two-pass check: first it looks for the `:free` suffix, then it falls

TESTING.md

@@ -91,8 +91,10 @@ Must exit with `All tests passed! ✓` and `✗ Failed: 0`. If any test fails, *
 | 7.1 | Set `MODEL_PROVIDERS = openai` | Only OpenAI models visible in selector |
 | 7.2 | Set `MODEL_PROVIDERS = openai` + `INVERT_PROVIDER_LIST = true` | All models **except** OpenAI visible |
 | 7.3 | Set `MODEL_PROVIDERS = ALL` or clear the field | **All** models visible again. Default `ALL` means no filter |
-| 7.4 | Set `FREE_ONLY = true` | Only free models (including those with pricing 0/0 without `:free` suffix) |
-| 7.5 | `FREE_ONLY = true` > verify that free `google/gemma-*` or `qwen/qwen3-*` appear | Models without `:free` but with pricing 0/0 are included |
+| 7.4 | Set `FREE_MODEL_FILTER = only` | Only free models (including those with pricing 0/0 without `:free` suffix) |
+| 7.5 | `FREE_MODEL_FILTER = only` > verify that free `google/gemma-*` or `qwen/qwen3-*` appear | Models without `:free` but with pricing 0/0 are included |
+| 7.6 | Set `FREE_MODEL_FILTER = exclude` | Free models hidden; only paid models remain |
+| 7.7 | Set env `OPENROUTER_FREE_ONLY=true` (legacy), leave `FREE_MODEL_FILTER` unset | Back-compat: behaves like `only` |
 
 ---
 
@@ -194,14 +196,14 @@ Must exit with `All tests passed! ✓` and `✗ Failed: 0`. If any test fails, *
 
 ## Quick pre-release checklist
 
-- [ ] `python test_pipe.py` → 431 passed, 0 failed
-- [ ] `python integration_test.py` → 43/43
+- [ ] `python test_pipe.py` → 557 passed, 0 failed
+- [ ] `python integration_test.py` → 44/44
 - [ ] Empty API key → clear error message in model selector
 - [ ] Valid API key → 340+ models with provider icons
 - [ ] Non-streaming chat works
 - [ ] Streaming chat works (token by token)
 - [ ] Reasoning tokens shown with `<think>`
-- [ ] `FREE_ONLY` filters correctly (`:free` suffix + 0/0 pricing)
+- [ ] `FREE_MODEL_FILTER` filters correctly (`only`/`exclude`/`all`; `:free` suffix + 0/0 pricing)
 - [ ] Provider filter + inversion works
 - [ ] Model prefix applied and removable
 - [ ] Fallback models present in payload

function.json

@@ -9,7 +9,7 @@
       "author": "Sena Labs",
       "author_url": "https://github.com/sena-labs",
       "funding_url": "https://github.com/sponsors/sena-labs",
-      "version": "1.6.0",
+      "version": "1.6.1",
       "license": "MIT",
       "required_open_webui_version": "0.4.0",
       "requirements": ["requests>=2.32.4", "pydantic>=2.0"]
@@ -32,6 +32,6 @@
   "content": "openrouter_pipe.py",
   "is_active": true,
   "is_global": true,
-  "updated_at": "2026-05-07T00:00:00.000Z",
+  "updated_at": "2026-05-28T00:00:00.000Z",
   "created_at": "2026-01-21T00:00:00.000Z"
 }

openrouter_pipe.py

@@ -329,11 +329,18 @@ class Valves(BaseModel):
             description="When true the provider list becomes an exclusion list",
         )
         FREE_MODEL_FILTER: str = Field(
-            default=os.getenv("OPENROUTER_FREE_MODEL_FILTER", "all"),
+            # Back-compat: honour the legacy OPENROUTER_FREE_ONLY env var
+            # (boolean) when the new var is unset, so installs upgrading from
+            # the FREE_ONLY era don't silently start returning paid models.
+            default=os.getenv(
+                "OPENROUTER_FREE_MODEL_FILTER",
+                "only" if os.getenv("OPENROUTER_FREE_ONLY", "").lower() == "true" else "all",
+            ),
             description=(
                 "Filter the catalog by free-tier status (':free' suffix or zero "
                 "prompt+completion pricing). 'all' = no filter (default), "
-                "'only' = keep just free models, 'exclude' = hide free models."
+                "'only' = keep just free models, 'exclude' = hide free models. "
+                "Replaces the legacy FREE_ONLY valve (FREE_ONLY=true → 'only')."
             ),
             json_schema_extra={
                 "input": {
@@ -746,6 +753,7 @@ def pipes(self) -> List[dict]:
                 headers=headers,
                 params=params,
                 timeout=self.valves.REQUEST_TIMEOUT,
+                allow_redirects=False,
             )
             # Detect auth errors from the models endpoint itself
             # 502 from Clerk usually means the key format is invalid
@@ -1165,6 +1173,7 @@ def _load_provider_registry(self) -> dict:
             resp = self._session.get(
                 _PROVIDER_REGISTRY_URL,
                 timeout=min(self.valves.REQUEST_TIMEOUT, 15),
+                allow_redirects=False,
             )
             try:
                 if resp.status_code == 200:
@@ -1260,6 +1269,7 @@ def _load_zdr_model_ids(self) -> frozenset:
                 f"{self._base}{_API_PATH_ZDR_ENDPOINTS}",
                 headers=self._build_headers(include_content_type=False),
                 timeout=min(self.valves.REQUEST_TIMEOUT, 30),
+                allow_redirects=False,
             )
             try:
                 if resp.status_code == 200:
@@ -1815,6 +1825,7 @@ def _retryable_request(
                     json=payload,
                     timeout=self.valves.REQUEST_TIMEOUT,
                     stream=stream,
+                    allow_redirects=False,
                 )
                 response.raise_for_status()
                 return response