Merge pull request #2489 from Soein/upstream-pr

fix: 增强 Claude 反代检测对抗能力
2026-04-18 04:14:28 +00:00 · 2026-04-02 21:16:58 +08:00
parent a59e92435b bb44671845
commit e3eb048c7a
6 changed files with 420 additions and 22 deletions
--- a/sdk/api/handlers/header_filter.go
+++ b/sdk/api/handlers/header_filter.go
@@ -5,6 +5,18 @@ import (
 	"strings"
 )

+// gatewayHeaderPrefixes lists header name prefixes injected by known AI gateway
+// proxies. Claude Code's client-side telemetry detects these and reports the
+// gateway type, so we strip them from upstream responses to avoid detection.
+var gatewayHeaderPrefixes = []string{
+	"x-litellm-",
+	"helicone-",
+	"x-portkey-",
+	"cf-aig-",
+	"x-kong-",
+	"x-bt-",
+}
+
 // hopByHopHeaders lists RFC 7230 Section 6.1 hop-by-hop headers that MUST NOT
 // be forwarded by proxies, plus security-sensitive headers that should not leak.
 var hopByHopHeaders = map[string]struct{}{
@@ -40,6 +52,19 @@ func FilterUpstreamHeaders(src http.Header) http.Header {
 		if _, scoped := connectionScoped[canonicalKey]; scoped {
 			continue
 		}
+		// Strip headers injected by known AI gateway proxies to avoid
+		// Claude Code client-side gateway detection.
+		lowerKey := strings.ToLower(key)
+		gatewayMatch := false
+		for _, prefix := range gatewayHeaderPrefixes {
+			if strings.HasPrefix(lowerKey, prefix) {
+				gatewayMatch = true
+				break
+			}
+		}
+		if gatewayMatch {
+			continue
+		}
 		dst[key] = values
 	}
 	if len(dst) == 0 {