Merge pull request #451 from goecho/main

Fix bug: Header attributes (Host, Authorization, Origin, Referer) not sanitized.
This commit is contained in:
Timothy Jaeryang Baek 2024-01-11 03:57:38 -08:00 committed by GitHub
commit 5c5bde3b85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -65,10 +65,10 @@ async def proxy(path: str, request: Request, user=Depends(get_current_user)):
else:
raise HTTPException(status_code=401, detail=ERROR_MESSAGES.ACCESS_PROHIBITED)
headers.pop("Host", None)
headers.pop("Authorization", None)
headers.pop("Origin", None)
headers.pop("Referer", None)
headers.pop("host", None)
headers.pop("authorization", None)
headers.pop("origin", None)
headers.pop("referer", None)
r = None