openai-adapters: allow overriding authorization header #8684
+28
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Enable overriding OpenAI client's Authorization header by removing it if
the user provides a custom authorization header with `requestOptions: {
headers: { Authorization: Basic ... } }`
OpenAI client will always send an `Authorization: Bearer` header since
`apiKey` is a mandatory parameter. Previously, both the OpenAI header
and the custom header were sent, breaking at least vLLM set up with
basic auth. And it seems like multiple Authorization headers is a breach
of the HTTP RFC specs, so there should be no justifiable use case to
send more than one.
dosubot
bot
added
the
size:S
4 tasks
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Enable overriding OpenAI client's Authorization header by removing it if the user provides a custom authorization header with
requestOptions: { headers: { Authorization: Basic ... } }OpenAI client will always send an
Authorization: Bearerheader sinceapiKeyis a mandatory parameter. Previously, both the OpenAI header and the custom header were sent, breaking at least vLLM set up with basic auth. And it seems like multiple Authorization headers is a breach of the HTTP RFC specs, so there should be no justifiable use case to send more than one.This is try 2 after #7803 failed to fix the issue. This time I had time to set up a development environment and actually test that the fixed IntelliJ IDEA plugin works against my Basic authenticated vLLM instance.
AI Code Review
@continue-reviewChecklist
Screen recording or screenshot
This is what headers used to look like before this fix:
And now the
Authorization: Bearerone is removed if a custom authorization header is provided.Tests
I couldn't find an appropriate place to test this customFetch function for its authorization header behaviour. Testing suggestions are welcome!
Summary by cubic
Allows a custom Authorization header to replace the default Bearer header in openai-adapters, fixing duplicate headers and restoring compatibility with Basic-auth setups like vLLM. Prevents sending multiple Authorization headers.
Written for commit 6ad9330. Summary will update automatically on new commits.