fix: API_KEY_ALLOWED_ENDPOINTS

backend/open_webui/utils/auth.py

@@ -99,9 +99,9 @@ def get_current_user(
         if request.app.state.config.ENABLE_API_KEY_ENDPOINT_RESTRICTIONS:
             allowed_paths = [
                 path.strip()
-                for path in str(request.app.state.config.API_KEY_ALLOWED_PATHS).split(
-                    ","
-                )
+                for path in str(
+                    request.app.state.config.API_KEY_ALLOWED_ENDPOINTS
+                ).split(",")
             ]
 
             if request.url.path not in allowed_paths: