forked from open-webui/open-webui
Merge pull request #451 from goecho/main
Fix bug: Header attributes (Host, Authorization, Origin, Referer) not sanitized.
This commit is contained in:
commit
5c5bde3b85
1 changed files with 4 additions and 4 deletions
|
@ -65,10 +65,10 @@ async def proxy(path: str, request: Request, user=Depends(get_current_user)):
|
|||
else:
|
||||
raise HTTPException(status_code=401, detail=ERROR_MESSAGES.ACCESS_PROHIBITED)
|
||||
|
||||
headers.pop("Host", None)
|
||||
headers.pop("Authorization", None)
|
||||
headers.pop("Origin", None)
|
||||
headers.pop("Referer", None)
|
||||
headers.pop("host", None)
|
||||
headers.pop("authorization", None)
|
||||
headers.pop("origin", None)
|
||||
headers.pop("referer", None)
|
||||
|
||||
r = None
|
||||
|
||||
|
|
Loading…
Reference in a new issue