LLM/CLIProxyAPIPlus
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPIPlus.git synced 2026-03-09 15:25:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(scrub): add comprehensive browser fingerprint and client identity header scrubbing

Browse Source
This commit is contained in:
maplelove
2026-02-22 20:51:00 +08:00
parent 9491517b26
commit 5dc1848466
3 changed files with 73 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/runtime/executor/antigravity_executor.go
View File

@@ -149,13 +149,7 @@ func (e *AntigravityExecutor) HttpRequest(ctx context.Context, auth *cliproxyaut
}
httpReq.Close = true
httpReq.Header.Del("Accept")
httpReq.Header.Del("X-Forwarded-For")
httpReq.Header.Del("X-Forwarded-Host")
httpReq.Header.Del("X-Forwarded-Proto")
httpReq.Header.Del("X-Forwarded-Port")
httpReq.Header.Del("X-Real-IP")
httpReq.Header.Del("Forwarded")
httpReq.Header.Del("Via")
scrubProxyAndFingerprintHeaders(httpReq)
httpClient := newAntigravityHTTPClient(ctx, e.cfg, auth, 0)
return httpClient.Do(httpReq)
}
@@ -1405,13 +1399,7 @@ func (e *AntigravityExecutor) buildRequest(ctx context.Context, auth *cliproxyau
httpReq.Header.Set("Content-Type", "application/json")
httpReq.Header.Set("Authorization", "Bearer "+token)
httpReq.Header.Set("User-Agent", resolveUserAgent(auth))
httpReq.Header.Del("X-Forwarded-For")
httpReq.Header.Del("X-Forwarded-Host")
httpReq.Header.Del("X-Forwarded-Proto")
httpReq.Header.Del("X-Forwarded-Port")
httpReq.Header.Del("X-Real-IP")
httpReq.Header.Del("Forwarded")
httpReq.Header.Del("Via")
scrubProxyAndFingerprintHeaders(httpReq)
if host := resolveHost(base); host != "" {
httpReq.Host = host
}

50
internal/runtime/executor/header_scrub.go Normal file
View File

@@ -0,0 +1,50 @@
package executor
import "net/http"
// scrubProxyAndFingerprintHeaders removes all headers that could reveal
// proxy infrastructure, client identity, or browser fingerprints from an
// outgoing request. This ensures requests to Google look like they
// originate directly from the Antigravity IDE (Node.js) rather than
// a third-party client behind a reverse proxy.
func scrubProxyAndFingerprintHeaders(req *http.Request) {
if req == nil {
return
}
// --- Proxy tracing headers ---
req.Header.Del("X-Forwarded-For")
req.Header.Del("X-Forwarded-Host")
req.Header.Del("X-Forwarded-Proto")
req.Header.Del("X-Forwarded-Port")
req.Header.Del("X-Real-IP")
req.Header.Del("Forwarded")
req.Header.Del("Via")
// --- Client identity headers ---
req.Header.Del("X-Title")
req.Header.Del("X-Stainless-Lang")
req.Header.Del("X-Stainless-Package-Version")
req.Header.Del("X-Stainless-Os")
req.Header.Del("X-Stainless-Arch")
req.Header.Del("X-Stainless-Runtime")
req.Header.Del("X-Stainless-Runtime-Version")
req.Header.Del("Http-Referer")
req.Header.Del("Referer")
// --- Browser / Chromium fingerprint headers ---
// These are sent by Electron-based clients (e.g. CherryStudio) using the
// Fetch API, but NOT by Node.js https module (which Antigravity uses).
req.Header.Del("Sec-Ch-Ua")
req.Header.Del("Sec-Ch-Ua-Mobile")
req.Header.Del("Sec-Ch-Ua-Platform")
req.Header.Del("Sec-Fetch-Mode")
req.Header.Del("Sec-Fetch-Site")
req.Header.Del("Sec-Fetch-Dest")
req.Header.Del("Priority")
// --- Encoding negotiation ---
// Antigravity (Node.js) sends "gzip, deflate, br" by default;
// Electron-based clients may add "zstd" which is a fingerprint mismatch.
req.Header.Del("Accept-Encoding")
}