MCPcopy Index your code
hub / github.com/coder/coder / TestServeHTTP_StripInternalHeaders

Function TestServeHTTP_StripInternalHeaders

coderd/aibridged/aibridged_test.go:810–868  ·  view source on GitHub ↗

TestServeHTTP_StripInternalHeaders verifies that internal X-Coder-* headers are never forwarded to upstream LLM providers.

(t *testing.T)

Source from the content-addressed store, hash-verified

808// TestServeHTTP_StripInternalHeaders verifies that internal X-Coder-*
809// headers are never forwarded to upstream LLM providers.
810func TestServeHTTP_StripInternalHeaders(t *testing.T) {
811 t.Parallel()
812
813 cases := []struct {
814 name string
815 header string
816 value string
817 }{
818 {
819 name: "X-Coder-AI-Governance-Token",
820 header: agplaibridge.HeaderCoderToken,
821 value: "coder-token",
822 },
823 {
824 name: "X-Coder-AI-Governance-Request-Id",
825 header: agplaibridge.HeaderCoderRequestID,
826 value: uuid.NewString(),
827 },
828 }
829
830 for _, tc := range cases {
831 t.Run(tc.name, func(t *testing.T) {
832 t.Parallel()
833
834 mockH := &mockHandler{}
835
836 srv, client, pool := newTestServer(t)
837 conn := &mockDRPCConn{}
838 client.EXPECT().DRPCConn().AnyTimes().Return(conn)
839 client.EXPECT().IsAuthorized(gomock.Any(), gomock.Any()).AnyTimes().Return(&proto.IsAuthorizedResponse{OwnerId: uuid.NewString()}, nil)
840 pool.EXPECT().Acquire(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).AnyTimes().Return(mockH, nil)
841
842 httpSrv := httptest.NewServer(srv)
843 t.Cleanup(httpSrv.Close)
844
845 ctx := testutil.Context(t, testutil.WaitShort)
846 req, err := http.NewRequestWithContext(ctx, http.MethodPost, httpSrv.URL+"/anthropic/v1/messages", nil)
847 require.NoError(t, err)
848
849 // Always set a valid auth token so the request reaches
850 // the upstream handler.
851 req.Header.Set("Authorization", "Bearer coder-token")
852 req.Header.Set(tc.header, tc.value)
853
854 resp, err := http.DefaultClient.Do(req)
855 require.NoError(t, err)
856 defer resp.Body.Close()
857
858 require.Equal(t, http.StatusOK, resp.StatusCode)
859 require.NotNil(t, mockH.headersReceived)
860
861 // Assert no X-Coder-* headers were forwarded upstream.
862 for name := range mockH.headersReceived {
863 require.NotContains(t, name, "X-Coder-",
864 "internal header %q must not be forwarded to upstream providers", name)
865 }
866 })
867 }

Callers

nothing calls this directly

Calls 12

ContextFunction · 0.92
newTestServerFunction · 0.70
RunMethod · 0.65
DRPCConnMethod · 0.65
IsAuthorizedMethod · 0.65
AcquireMethod · 0.65
CleanupMethod · 0.65
SetMethod · 0.65
DoMethod · 0.65
CloseMethod · 0.65
EXPECTMethod · 0.45
EqualMethod · 0.45

Tested by

no test coverage detected