[Infra] Merge dev branch#25972
Conversation
…headers and add tests - Move protected-headers set to module level as a frozenset - Add x-api-key, x-goog-api-key to protected set (provider credential headers) - Block x-amz- prefix to cover AWS SigV4 signing headers - Normalize forwarded header names to lowercase on write - Log at debug level when a protected header is skipped - Add unit test covering protected-header drop and non-protected forwarding
[Fix] Restrict x-pass- header forwarding for credential and protocol headers
[Fix] Tighten api_key value check in credential validation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
yuneng-berri
had a problem deploying
to
integration-postgres
GitHub Actions
Error
yuneng-berri
temporarily deployed
to
integration-postgres
GitHub Actions
Inactive
yuneng-berri
temporarily deployed
to
integration-postgres
GitHub Actions
Inactive
yuneng-berri
temporarily deployed
to
integration-postgres
GitHub Actions
Inactive
Greptile SummaryThis PR contains two targeted security hardening changes: (1) Confidence Score: 5/5Safe to merge — both security fixes are correct and well-tested, with no P0/P1 issues found. The credential-injection fix in passthrough/utils.py is logically sound: prefix stripping is done before the protected-header lookup, case normalisation is applied correctly, and the frozenset membership + prefix check are both O(1). The check_complete_credentials tightening in auth_utils.py closes a real but narrow bypass (null/empty api_key treated as valid). All new code paths have matching unit tests. The single P2 note (missing cookie in the blocklist) is purely defensive and does not affect current providers. No files require special attention.
|
| Filename | Overview |
|---|---|
| litellm/passthrough/utils.py | Adds _PASS_THROUGH_PROTECTED_HEADERS frozenset and _PASS_THROUGH_PROTECTED_HEADER_PREFIXES to prevent credential injection via x-pass-* headers; lowercases stripped header name before lookup; logic is correct. |
| litellm/proxy/auth/auth_utils.py | Tightens check_complete_credentials to require api_key be a non-empty, non-whitespace string, closing a bypass where presence of the key (even with null/empty value) was previously sufficient. |
| tests/test_litellm/proxy/pass_through_endpoints/test_vertex_passthrough_load_balancing.py | Adds test_forward_headers_from_request_protected_headers_not_overwritten covering all protected header types and lowercase normalization; no real network calls. |
| tests/proxy_unit_tests/test_proxy_utils.py | Adds parametrized test for check_complete_credentials covering empty string, None, and whitespace cases; remaining changes are Black formatting only. |
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[Incoming request header] --> B{starts with x-pass-?}
B -- No --> C[Ignored or handled by forward_headers path]
B -- Yes --> D[Strip prefix and lowercase to get actual_header_name]
D --> E{In protected headers set or starts with x-amz-?}
E -- Yes --> F[SKIP - proxy credential preserved]
E -- No --> G[Forward header to upstream]
Reviews (1): Last reviewed commit: "Merge remote-tracking branch 'origin/lit..." | Re-trigger Greptile
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
| _PASS_THROUGH_PROTECTED_HEADERS: frozenset = frozenset( | ||
| { | ||
| "authorization", | ||
| "api-key", | ||
| "x-api-key", | ||
| "x-goog-api-key", | ||
| "host", | ||
| "content-length", | ||
| } | ||
| ) |
There was a problem hiding this comment.
cookie header not protected
cookie is absent from _PASS_THROUGH_PROTECTED_HEADERS. A client could send x-pass-cookie: session=<value> and have it forwarded to the upstream provider. For the current set of passthrough targets (Vertex AI, Anthropic, Bedrock) this is benign because they use API-key auth, but it's worth adding "cookie" defensively if any future upstream relies on session cookies — and it costs nothing to block it now.
| _PASS_THROUGH_PROTECTED_HEADERS: frozenset = frozenset( | |
| { | |
| "authorization", | |
| "api-key", | |
| "x-api-key", | |
| "x-goog-api-key", | |
| "host", | |
| "content-length", | |
| } | |
| ) | |
| _PASS_THROUGH_PROTECTED_HEADERS: frozenset = frozenset( | |
| { | |
| "authorization", | |
| "api-key", | |
| "x-api-key", | |
| "x-goog-api-key", | |
| "host", | |
| "content-length", | |
| "cookie", | |
| } | |
| ) |
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
yuneng-berri
merged commit 6a9f8f7
into
litellm_internal_staging
2 participants
Relevant issues
Pre-Submission checklist
Please complete all items before asking a LiteLLM maintainer to review your PR
tests/test_litellm/directory, Adding at least 1 test is a hard requirement - see detailsmake test-unit@greptileaiand received a Confidence Score of at least 4/5 before requesting a maintainer reviewDelays in PR merge?
If you're seeing a delay in your PR being merged, ping the LiteLLM Team on Slack (#pr-review).
CI (LiteLLM team)
Branch creation CI run
Link:
CI run for the last commit
Link:
Merge / cherry-pick CI run
Links:
Screenshots / Proof of Fix
Type
🚄 Infrastructure
Changes