airkjw/CLIProxyAPI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(executor): completely scrub all proxy tracing headers in executor

Browse Source
This commit is contained in:
maplelove
2026-02-22 19:43:10 +08:00
parent abb51a0d93
commit 9370b5bd04
2 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/api/modules/amp/proxy.go
+5
View File
@@ -76,7 +76,12 @@ func createReverseProxy(upstreamURL string, secretSource SecretSource) (*httputi
// Remove proxy tracing headers to avoid upstream detection // Remove proxy tracing headers to avoid upstream detection
req.Header.Del("X-Forwarded-For") req.Header.Del("X-Forwarded-For")
req.Header.Del("X-Forwarded-Host")
req.Header.Del("X-Forwarded-Proto")
req.Header.Del("X-Forwarded-Port")
req.Header.Del("X-Real-IP") req.Header.Del("X-Real-IP")
req.Header.Del("Forwarded")
req.Header.Del("Via")
// Remove query-based credentials if they match the authenticated client API key. // Remove query-based credentials if they match the authenticated client API key.
// This prevents leaking client auth material to the Amp upstream while avoiding // This prevents leaking client auth material to the Amp upstream while avoiding
internal/runtime/executor/antigravity_executor.go
+20
View File
@@ -130,7 +130,12 @@ func (e *AntigravityExecutor) HttpRequest(ctx context.Context, auth *cliproxyaut
httpReq.Close = true httpReq.Close = true
httpReq.Header.Del("Accept") httpReq.Header.Del("Accept")
httpReq.Header.Del("X-Forwarded-For") httpReq.Header.Del("X-Forwarded-For")
httpReq.Header.Del("X-Forwarded-Host")
httpReq.Header.Del("X-Forwarded-Proto")
httpReq.Header.Del("X-Forwarded-Port")
httpReq.Header.Del("X-Real-IP") httpReq.Header.Del("X-Real-IP")
httpReq.Header.Del("Forwarded")
httpReq.Header.Del("Via")
httpClient := newAntigravityHTTPClient(ctx, e.cfg, auth, 0) httpClient := newAntigravityHTTPClient(ctx, e.cfg, auth, 0)
return httpClient.Do(httpReq) return httpClient.Do(httpReq)
} }
@@ -950,7 +955,12 @@ func (e *AntigravityExecutor) CountTokens(ctx context.Context, auth *cliproxyaut
httpReq.Header.Set("Authorization", "Bearer "+token) httpReq.Header.Set("Authorization", "Bearer "+token)
httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) httpReq.Header.Set("User-Agent", resolveUserAgent(auth))
httpReq.Header.Del("X-Forwarded-For") httpReq.Header.Del("X-Forwarded-For")
httpReq.Header.Del("X-Forwarded-Host")
httpReq.Header.Del("X-Forwarded-Proto")
httpReq.Header.Del("X-Forwarded-Port")
httpReq.Header.Del("X-Real-IP") httpReq.Header.Del("X-Real-IP")
httpReq.Header.Del("Forwarded")
httpReq.Header.Del("Via")
if host := resolveHost(base); host != "" { if host := resolveHost(base); host != "" {
httpReq.Host = host httpReq.Host = host
} }
@@ -1068,7 +1078,12 @@ func FetchAntigravityModels(ctx context.Context, auth *cliproxyauth.Auth, cfg *c
httpReq.Header.Set("Authorization", "Bearer "+token) httpReq.Header.Set("Authorization", "Bearer "+token)
httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) httpReq.Header.Set("User-Agent", resolveUserAgent(auth))
httpReq.Header.Del("X-Forwarded-For") httpReq.Header.Del("X-Forwarded-For")
httpReq.Header.Del("X-Forwarded-Host")
httpReq.Header.Del("X-Forwarded-Proto")
httpReq.Header.Del("X-Forwarded-Port")
httpReq.Header.Del("X-Real-IP") httpReq.Header.Del("X-Real-IP")
httpReq.Header.Del("Forwarded")
httpReq.Header.Del("Via")
if host := resolveHost(baseURL); host != "" { if host := resolveHost(baseURL); host != "" {
httpReq.Host = host httpReq.Host = host
} }
@@ -1371,7 +1386,12 @@ func (e *AntigravityExecutor) buildRequest(ctx context.Context, auth *cliproxyau
httpReq.Header.Set("Authorization", "Bearer "+token) httpReq.Header.Set("Authorization", "Bearer "+token)
httpReq.Header.Set("User-Agent", resolveUserAgent(auth)) httpReq.Header.Set("User-Agent", resolveUserAgent(auth))
httpReq.Header.Del("X-Forwarded-For") httpReq.Header.Del("X-Forwarded-For")
httpReq.Header.Del("X-Forwarded-Host")
httpReq.Header.Del("X-Forwarded-Proto")
httpReq.Header.Del("X-Forwarded-Port")
httpReq.Header.Del("X-Real-IP") httpReq.Header.Del("X-Real-IP")
httpReq.Header.Del("Forwarded")
httpReq.Header.Del("Via")
if host := resolveHost(base); host != "" { if host := resolveHost(base); host != "" {
httpReq.Host = host httpReq.Host = host
} }