LLM/CLIProxyAPIPlus
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPIPlus.git synced 2026-03-29 16:54:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(executor): completely scrub all proxy tracing headers in executor

Browse Source
This commit is contained in:
maplelove
2026-02-22 19:43:10 +08:00
parent abb51a0d93
commit 9370b5bd04
2 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
internal/api/modules/amp/proxy.go
View File

@@ -76,7 +76,12 @@ func createReverseProxy(upstreamURL string, secretSource SecretSource) (*httputi
// Remove proxy tracing headers to avoid upstream detection
req.Header.Del("X-Forwarded-For")
req.Header.Del("X-Forwarded-Host")
req.Header.Del("X-Forwarded-Proto")
req.Header.Del("X-Forwarded-Port")
req.Header.Del("X-Real-IP")
req.Header.Del("Forwarded")
req.Header.Del("Via")
// Remove query-based credentials if they match the authenticated client API key.
// This prevents leaking client auth material to the Amp upstream while avoiding