mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
bb05c1f30f
## Why Remote-control HTTP requests applied the authentication headers and then appended `ChatGPT-Account-ID` again with `reqwest::RequestBuilder::header`. Since reqwest appends, the wire request could contain the same header twice. Intermediaries may coalesce duplicate values into `uuid,uuid`, which is not a valid account ID. ## What changed - Build remote-control request authentication headers in one place. - Apply provider headers first, then use `HeaderMap::insert` for the explicit account ID. This preserves the current account-ID precedence and all other authentication headers while ensuring exactly one account header is sent. - Preserve duplicate HTTP headers in the test harness and assert exactly one account header for enroll, refresh, list, and revoke requests. ## Validation Added focused coverage for: - Adding the explicit account header when the auth provider omits it. - Replacing multiple provider-supplied account values, including a differently cased header name. - Preserving authorization and routing headers while replacing only the account header. - Rejecting invalid account header values before sending a request. - Emitting exactly one account header for enroll, refresh, list, and revoke requests. - Maintaining header uniqueness across unauthorized recovery, retry, and error-response paths. - Emitting exactly one installation header for enroll and refresh requests. Checks run: - `just test -p codex-app-server-transport request_headers`: 3 passed - `just test -p codex-app-server-transport remote_control_http_mode`: 6 passed - `just test -p codex-app-server-transport clients_tests`: 6 passed - `just test -p codex-app-server-transport`: 123 passed - `cargo test -p codex-app-server-transport`: 123 passed - `just clippy -p codex-app-server-transport` - `just fmt-check` - `bazel test //codex-rs/app-server-transport:app-server-transport-unit-tests`
bb05c1f30f
·
2026-06-24 15:06:53 -07:00
History