Merge pull request #451 from goecho/main

Fix bug: Header attributes (Host, Authorization, Origin, Referer) not sanitized.
2025-08-08 10:22:39 +02:00 · 2024-01-11 03:57:38 -08:00
parent b1f29aacd8 74f91bc74d
commit 5c5bde3b85
1 changed files with 4 additions and 4 deletions
--- a/backend/apps/ollama/main.py
+++ b/backend/apps/ollama/main.py
@@ -65,10 +65,10 @@ async def proxy(path: str, request: Request, user=Depends(get_current_user)):
    else:
        raise HTTPException(status_code=401, detail=ERROR_MESSAGES.ACCESS_PROHIBITED)
-    headers.pop("Host", None)
+    headers.pop("host", None)
-    headers.pop("Authorization", None)
+    headers.pop("authorization", None)
-    headers.pop("Origin", None)
+    headers.pop("origin", None)
-    headers.pop("Referer", None)
+    headers.pop("referer", None)
    r = None