Context
Identified in PR #5142 review by @JAORMX and Copilot.
Problem
ProxyOriginOf in pkg/llmgateway/config.go has several correctness gaps:
-
Opaque URLs: url.Parse("localhost:14000/v1") parses as Scheme=localhost, Opaque=14000/v1. The function clears Path but not Opaque, so the path survives in the result — contradicting the doc comment that says "only the scheme and host remain."
-
ForceQuery: Clearing RawQuery alone may still produce a trailing ? if u.ForceQuery is true (e.g. parsing http://host/path?). u.ForceQuery must also be set to false.
-
Fragment: Fragment is not cleared — if ProxyBaseURL ever contains one, it leaks into the written settings file.
-
Userinfo: u.User is not cleared. If ProxyBaseURL ever carries user credentials, they'd be persisted to a user-readable settings file. Should be set to nil.
-
Validation: There's no guard that u.Host != "" after parsing. For scheme-less inputs the function may return a non-origin result silently.
Suggested fix
func ProxyOriginOf(rawURL string) string {
u, err := url.Parse(rawURL)
if err != nil || u.Host == "" {
return rawURL
}
return (&url.URL{Scheme: u.Scheme, Host: u.Host}).String()
}Explicitly reconstructing from Scheme+Host is simpler and correct by construction — no fields to forget to clear.
Test cases to add (pkg/llmgateway/config_test.go)
- Empty input
- Opaque URL (
localhost:14000/v1)
- Scheme-less
host:port
- URL with userinfo
- IPv6 host
- Fragment-only (
http://host/path#frag)
ForceQuery (http://host/path?)- Valid full URL (happy path)
References
Context
Identified in PR #5142 review by @JAORMX and Copilot.
Problem
ProxyOriginOfinpkg/llmgateway/config.gohas several correctness gaps:Opaque URLs:
url.Parse("localhost:14000/v1")parses asScheme=localhost, Opaque=14000/v1. The function clearsPathbut notOpaque, so the path survives in the result — contradicting the doc comment that says "only the scheme and host remain."ForceQuery: ClearingRawQueryalone may still produce a trailing?ifu.ForceQueryis true (e.g. parsinghttp://host/path?).u.ForceQuerymust also be set tofalse.Fragment:
Fragmentis not cleared — ifProxyBaseURLever contains one, it leaks into the written settings file.Userinfo:
u.Useris not cleared. IfProxyBaseURLever carries user credentials, they'd be persisted to a user-readable settings file. Should be set tonil.Validation: There's no guard that
u.Host != ""after parsing. For scheme-less inputs the function may return a non-origin result silently.Suggested fix
Explicitly reconstructing from
Scheme+Hostis simpler and correct by construction — no fields to forget to clear.Test cases to add (
pkg/llmgateway/config_test.go)localhost:14000/v1)host:porthttp://host/path#frag)ForceQuery(http://host/path?)References