fix(proxy): strip OpenRouter hop-by-hop request headers#1898
Conversation
Scope the guard to Codex OpenRouter chat/responses requests only. Refs #1888
|
@codex review |
|
Codex Review: Didn't find any major issues. Can't wait for the next one! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
|
Hi, I owe you an apology for the long silence. As the sole maintainer of this project, I've been overwhelmed and fell behind on reviews — but that's on me, not on you. Your contribution matters and I will review this PR. If it needs a rebase, just let me know or I can handle it. Thank you for your time and patience. |
|
@codex review |
|
Codex Review: Didn't find any major issues. Can't wait for the next one! ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
The issue-1888 branch only stripped hop-by-hop headers for Codex requests hitting a narrow set of OpenRouter endpoints. That left Claude-compatible paths and custom-domain OpenRouter relays forwarding Connection-derived headers. The forwarder now treats any OpenRouter provider as eligible, keyed by providerType with openrouter.ai as a backward-compatible fallback, and keeps the helper coverage focused on both static and dynamic header names. Constraint: Existing issue-1888 logic already depended on forwarder-side header rewriting Rejected: Endpoint-specific allowlist | still misses Claude-compatible and custom-domain OpenRouter routes Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep providerType-based OpenRouter matching ahead of hostname heuristics when this path evolves Tested: cargo test --manifest-path src-tauri/Cargo.toml forwarder::tests Tested: cargo clippy --manifest-path src-tauri/Cargo.toml --lib -- -W clippy::too_many_arguments Not-tested: Live request against a custom-domain OpenRouter relay
farion1231
left a comment
farion1231
left a comment
There was a problem hiding this comment.
P1
动态剥离后又补回 anthropic-beta
在 OpenRouter 的 Claude-compatible 路径里,如果客户端发送 Connection: anthropic-beta 和 anthropic-beta: context-management-2025-06-27,这里的动态 token 逻辑会跳过原始 anthropic-beta,但 saw_anthropic_beta 仍是 false;后面的补头逻辑又会把预计算的 anthropic_beta_value 追加回去。结果 OpenRouter 仍会收到 context-management-*,#1888/#1913 的失败路径没有被真正消除。建议在动态 token 命中 anthropic-beta 时抑制或过滤 anthropic_beta_value,并加一个覆盖 Connection: anthropic-beta 的单测。
P2
自定义域 OpenRouter 没有实际写入 providerType
这个 helper 只有在 meta.providerType 已经是 openrouter,或 base_url 包含 openrouter.ai 时才启用。PR 的测试覆盖了 relay.example + providerType=openrouter,但前端 OpenRouter 预设没有写入 providerType,类型也只允许 github_copilot/codex_oauth;用户把 OpenRouter 改成自定义中转域名后 meta.providerType 通常仍为空,base_url fallback 也失效,动态 hop-by-hop 头仍会泄露。需要给 OpenRouter 预设和保存路径写入 openrouter,或换一个能识别 OpenRouter relay 的持久标记。
2 participants
Summary
Testing
Closes #1888
Closes #1913