fix(proxy): restore header filtering and API matcher consistency

- Canonicalize filtered header deny-lists so Cloudflare and CDN headers are still removed - Normalize incomplete API repo paths to stable owner-level matcher output regardless of trailing slash or query - Add regression tests covering header canonicalization and incomplete API repo path parsing
2026-06-13 23:57:37 +08:00 · 2026-04-12 07:17:59 +08:00 · 2026-04-12 07:17:59 +08:00 · e9e48fcefd
commit e9e48fcefd
parent ba3dcf7624
4 changed files with 73 additions and 9 deletions
--- a/proxy/hotpath_test.go
+++ b/proxy/hotpath_test.go
@ -65,6 +65,31 @@ func TestCopyHeaderFiltered(t *testing.T) {
 	}
 }

+func TestCopyHeaderFiltered_CanonicalizesDenylist(t *testing.T) {
+	src := http.Header{
+		"Cf-Ipcountry":    {"CN"},
+		"Cf-Ray":          {"abc123"},
+		"Cf-Ew-Via":       {"edge"},
+		"X-Forwarded-For": {"127.0.0.1"},
+	}
+	dst := make(http.Header)
+
+	copyHeaderFiltered(dst, src, reqHeadersToRemove)
+
+	if got := dst.Values("Cf-Ipcountry"); len(got) != 0 {
+		t.Fatalf("Cf-Ipcountry should be filtered, got %v", got)
+	}
+	if got := dst.Values("Cf-Ray"); len(got) != 0 {
+		t.Fatalf("Cf-Ray should be filtered, got %v", got)
+	}
+	if got := dst.Values("Cf-Ew-Via"); len(got) != 0 {
+		t.Fatalf("Cf-Ew-Via should be filtered, got %v", got)
+	}
+	if got := dst.Values("X-Forwarded-For"); !reflect.DeepEqual(got, []string{"127.0.0.1"}) {
+		t.Fatalf("X-Forwarded-For = %v, want [127.0.0.1]", got)
+	}
+}
+
 func TestCopyHeaderFiltered_AllowsAllWhenDenylistEmpty(t *testing.T) {
 	src := http.Header{
 		"X-Test": {"one", "two"},