fix(aibridge): strip proxy headers from bridge requests to fix Bedrock SigV4 signing by ssncferreira · Pull Request #26019 · coder/coder
test(aibridge): add SigV4 proxy header regression test for Bedrock
fix(aibridge): strip proxy headers from bridge requests to fix Bedrock SigV4 signing
…k SigV4 signing On bridge routes aibridge acts as a client, not a proxy. Proxy headers (X-Forwarded-For, etc.) from the inbound request were forwarded on the outbound request and included in the SigV4 signed-headers set. Any in-transit modification by an egress proxy invalidated the signature, causing AWS to reject the request with a 403. Strip proxy headers in PrepareClientHeaders so they are not present when the SigV4 signer runs.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters