From 7a36db4abb1e46a5f7acc74016c87561aac04cfe Mon Sep 17 00:00:00 2001
From: JiangNan <1394485448@qq.com>
Date: Sun, 8 Mar 2026 22:09:30 +0800
Subject: [PATCH] fix: add missing authorization check in AsyncClient
 web_search and web_fetch

The sync Client.web_search and Client.web_fetch both validate that a
Bearer token is present in the authorization header before making
requests to ollama.com API endpoints. However, their async counterparts
in AsyncClient are missing this check entirely, allowing unauthenticated
requests to go through and fail with unclear server-side errors.

Add the same authorization header validation to AsyncClient.web_search
and AsyncClient.web_fetch to match the sync implementation and provide
clear error messages when credentials are missing.

Signed-off-by: JiangNan <1394485448@qq.com>
---
 ollama/_client.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/ollama/_client.py b/ollama/_client.py
index 18cb0fb4..bc154338 100644
--- a/ollama/_client.py
+++ b/ollama/_client.py
@@ -801,7 +801,12 @@ async def web_search(self, query: str, max_results: int = 3) -> WebSearchRespons
 
     Returns:
       WebSearchResponse with the search results
+    Raises:
+      ValueError: If OLLAMA_API_KEY environment variable is not set
     """
+    if not self._client.headers.get('authorization', '').startswith('Bearer '):
+      raise ValueError('Authorization header with Bearer token is required for web search')
+
     return await self._request(
       WebSearchResponse,
       'POST',
@@ -821,7 +826,12 @@ async def web_fetch(self, url: str) -> WebFetchResponse:
 
     Returns:
       WebFetchResponse with the fetched result
+    Raises:
+      ValueError: If OLLAMA_API_KEY environment variable is not set
     """
+    if not self._client.headers.get('authorization', '').startswith('Bearer '):
+      raise ValueError('Authorization header with Bearer token is required for web fetch')
+
     return await self._request(
       WebFetchResponse,
       'POST',