diff --git a/server/opensandbox_server/api/proxy.py b/server/opensandbox_server/api/proxy.py index 10550f77c..be9ff167b 100644 --- a/server/opensandbox_server/api/proxy.py +++ b/server/opensandbox_server/api/proxy.py @@ -49,9 +49,11 @@ "upgrade", } -# Headers that shouldn't be forwarded to untrusted/internal backends +# Headers that shouldn't be forwarded to untrusted/internal backends. +# "authorization" is intentionally forwarded: in-sandbox services authenticate +# clients with scoped bearer tokens, and the k8s wildcard ingress-gateway +# (which bypasses this proxy) already forwards it. SENSITIVE_HEADERS = { - "authorization", "cookie", SANDBOX_API_KEY_HEADER.lower(), } diff --git a/server/tests/test_routes_proxy.py b/server/tests/test_routes_proxy.py index 3ccaa2b73..4e60cfb6d 100644 --- a/server/tests/test_routes_proxy.py +++ b/server/tests/test_routes_proxy.py @@ -176,7 +176,7 @@ def get_endpoint(sandbox_id: str, port: int, resolve_internal: bool = False) -> assert "connection" not in lowered_headers assert "upgrade" not in lowered_headers assert "trailer" not in lowered_headers - assert "authorization" not in lowered_headers + assert lowered_headers.get("authorization") == "Bearer top-secret" assert "cookie" not in lowered_headers assert SANDBOX_API_KEY_HEADER.lower() not in lowered_headers assert "x-hop-temp" not in lowered_headers @@ -515,7 +515,7 @@ def get_endpoint(sandbox_id: str, port: int, resolve_internal: bool = False) -> lowered_headers = { key.lower(): value for key, value in (call["additional_headers"] or {}).items() } - assert "authorization" not in lowered_headers + assert lowered_headers.get("authorization") == "Bearer top-secret" assert "cookie" not in lowered_headers assert "origin" not in lowered_headers assert lowered_headers["opensandbox-ingress-to"] == "sbx-123-44772"