From e7e3bd7113d86b123d4ccf2a005890a41ab5a4fa Mon Sep 17 00:00:00 2001 From: Uno Date: Thu, 2 Jul 2026 14:22:11 +0800 Subject: [PATCH] fix(server): forward Authorization header on sandbox proxy routes In-sandbox services authenticate callers with scoped bearer tokens, but the server proxy stripped the Authorization header as sensitive, so those tokens never reached the sandbox and requests failed with 401. The k8s wildcard ingress-gateway (which bypasses this proxy) already forwards the header; this aligns the proxy with that behavior. Cookie and the OpenSandbox API key header are still stripped. Claude-Session: https://claude.ai/code/session_011dwUhZSZyAfpLEKBVLEi2T --- server/opensandbox_server/api/proxy.py | 6 ++++-- server/tests/test_routes_proxy.py | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/server/opensandbox_server/api/proxy.py b/server/opensandbox_server/api/proxy.py index 10550f77c..be9ff167b 100644 --- a/server/opensandbox_server/api/proxy.py +++ b/server/opensandbox_server/api/proxy.py @@ -49,9 +49,11 @@ "upgrade", } -# Headers that shouldn't be forwarded to untrusted/internal backends +# Headers that shouldn't be forwarded to untrusted/internal backends. +# "authorization" is intentionally forwarded: in-sandbox services authenticate +# clients with scoped bearer tokens, and the k8s wildcard ingress-gateway +# (which bypasses this proxy) already forwards it. SENSITIVE_HEADERS = { - "authorization", "cookie", SANDBOX_API_KEY_HEADER.lower(), } diff --git a/server/tests/test_routes_proxy.py b/server/tests/test_routes_proxy.py index 3ccaa2b73..4e60cfb6d 100644 --- a/server/tests/test_routes_proxy.py +++ b/server/tests/test_routes_proxy.py @@ -176,7 +176,7 @@ def get_endpoint(sandbox_id: str, port: int, resolve_internal: bool = False) -> assert "connection" not in lowered_headers assert "upgrade" not in lowered_headers assert "trailer" not in lowered_headers - assert "authorization" not in lowered_headers + assert lowered_headers.get("authorization") == "Bearer top-secret" assert "cookie" not in lowered_headers assert SANDBOX_API_KEY_HEADER.lower() not in lowered_headers assert "x-hop-temp" not in lowered_headers @@ -515,7 +515,7 @@ def get_endpoint(sandbox_id: str, port: int, resolve_internal: bool = False) -> lowered_headers = { key.lower(): value for key, value in (call["additional_headers"] or {}).items() } - assert "authorization" not in lowered_headers + assert lowered_headers.get("authorization") == "Bearer top-secret" assert "cookie" not in lowered_headers assert "origin" not in lowered_headers assert lowered_headers["opensandbox-ingress-to"] == "sbx-123-44772"