Skip to content

fix(ai-gateway): strip cf-* headers and skip body on GET in OpenAI proxy#7

Merged
simple10 merged 1 commit intosimple10:mainfrom
theredspoon:fix/openai-proxy-headers
Mar 12, 2026
Merged

fix(ai-gateway): strip cf-* headers and skip body on GET in OpenAI proxy#7
simple10 merged 1 commit intosimple10:mainfrom
theredspoon:fix/openai-proxy-headers

Conversation

@theredspoon
Copy link
Contributor

@theredspoon theredspoon commented Mar 9, 2026

Summary

  • Strip all cf-* headers (cf-connecting-ip, cf-ipcountry, cf-ray, cf-visitor) before forwarding to upstream in all routing modes, not just egress proxy mode
  • Remove cf-* entries from the egress proxy header list since they're already stripped globally
  • Skip sending request body on GET requests (e.g. /v1/models)

Test plan

  • POST /openai/v1/chat/completions — verify cf-* headers are not forwarded upstream
  • GET /openai/v1/models — verify no request body is sent
  • POST via egress proxy — verify host, x-real-ip, x-forwarded-* still stripped
  • CF AI Gateway mode — verify cf-aig-authorization header is still set (applied after cf-* stripping)

@theredspoon
fix(ai-gateway): strip cf-* headers and skip body on GET in OpenAI proxy
ee78bcf 
cf-connecting-ip, cf-ipcountry, cf-ray, cf-visitor were forwarded to
upstream in direct mode. Also prevents sending a request body on GET
/v1/models requests.
@theredspoon theredspoon mentioned this pull request Mar 9, 2026
Open
14 tasks
@simple10
Copy link
Owner

simple10 commented Mar 12, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

🤖 Generated with Claude Code

@simple10 simple10 merged commit ecdf648 into simple10:main Mar 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@theredspoon @simple10