fix: nil-guard Config in stripUntrustedIdentityHeaders

yossiovadia · yossiovadia · commit 9dbad1d3afef · 2026-03-18T12:48:43.000-07:00
Signed-off-by: Yossi Ovadia &lt;yovadia@redhat.com&gt;
diff --git a/src/semantic-router/pkg/extproc/processor_req_header.go b/src/semantic-router/pkg/extproc/processor_req_header.go
@@ -88,7 +88,7 @@ func captureRequestHeaders(
 // is false, preventing clients from spoofing user identity for role-based routing,
 // per-user rate limits, and memory isolation.
 func (r *OpenAIRouter) stripUntrustedIdentityHeaders(ctx *RequestContext) {
-	if r.Config.Authz.ShouldTrustIdentityHeaders() {
+	if r.Config == nil || r.Config.Authz.ShouldTrustIdentityHeaders() {
 		return
 	}
 	userIDHeader := r.Config.Authz.Identity.GetUserIDHeader()

Original file line number	Diff line number	Diff line change
`@@ -88,7 +88,7 @@ func captureRequestHeaders(`
`88`	`88`	`// is false, preventing clients from spoofing user identity for role-based routing,`
`89`	`89`	`// per-user rate limits, and memory isolation.`
`90`	`90`	`func (r OpenAIRouter) stripUntrustedIdentityHeaders(ctx RequestContext) {`
`91`		`- if r.Config.Authz.ShouldTrustIdentityHeaders() {`
	`91`	`+ if r.Config == nil \|\| r.Config.Authz.ShouldTrustIdentityHeaders() {`
`92`	`92`	`return`
`93`	`93`	`}`
`94`	`94`	`userIDHeader := r.Config.Authz.Identity.GetUserIDHeader()`