Add custom headers support for API Management integration#163
Add custom headers support for API Management integration#163sgoedecke merged 6 commits intoactions:mainfrom
Conversation
This change adds support for custom HTTP headers in AI inference requests, enabling integration with API Management platforms (Azure APIM, AWS API Gateway, Kong, etc.) and custom request routing/tracking. Features: - New 'custom-headers' input supporting both YAML and JSON formats - Auto-detection of input format for better UX - Header name validation (alphanumeric, hyphens, underscores) - Automatic masking of sensitive headers in logs - Full backward compatibility (optional parameter) Changes: - Added parseCustomHeaders() function in helpers.ts - Updated InferenceRequest interface with optional customHeaders field - Modified simpleInference() and mcpInference() to pass headers to OpenAI client - Added 18 comprehensive test cases - Updated documentation with examples and use cases All 80 tests passing. Zero breaking changes.
There was a problem hiding this comment.
Pull request overview
This pull request adds support for custom HTTP headers in AI inference requests, enabling integration with API Management platforms (Azure APIM, AWS API Gateway, Kong, etc.) and custom request routing/tracking.
Changes:
- New
custom-headersinput parameter supporting both YAML and JSON formats - Header parsing with auto-format detection and validation
- Automatic masking of sensitive headers in logs
- Full backward compatibility with optional parameter
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| action.yml | Added custom-headers input definition with description |
| src/helpers.ts | Implemented parseCustomHeaders() function with validation and masking logic |
| src/inference.ts | Updated InferenceRequest interface and both inference functions to pass headers to OpenAI client |
| src/main.ts | Added parsing of custom headers input and passing to inference request |
| dist/index.js | Compiled JavaScript output with all changes |
| tests/helpers.test.ts | Added 12 comprehensive test cases for header parsing functionality |
| tests/inference.test.ts | Added 2 test cases verifying headers are passed to OpenAI client |
| tests/main.test.ts | Updated 2 existing tests to expect empty customHeaders object |
| README.md | Added comprehensive documentation with YAML/JSON examples and use cases |
| CUSTOM_HEADERS_FEATURE.md | New feature documentation file describing implementation details |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Address Copilot AI feedback: - Remove underscore support from header names (RFC 7230 compliance) - Add explicit null check for JSON parsing - Update validation regex to /^[A-Za-z0-9-]+$/ - Add test case for null value handling - Update documentation to clarify header name requirements Changes: - Header names now only accept alphanumeric characters and hyphens - Improved error messages for invalid headers - Added test for null JSON input - Updated APIM example tests All 81 tests passing.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 9 out of 11 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Delete CUSTOM_HEADERS_FEATURE.md as the README.md already contains comprehensive documentation for the custom headers feature. This reduces documentation duplication and follows standard practice of keeping feature docs in the README.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 10 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 10 changed files in this pull request and generated 2 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 10 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Implement security validation to prevent HTTP header injection attacks: - Reject header values containing \r or \n characters - Add comprehensive test coverage for CRLF protection - Replace multiline YAML test with proper rejection test Security improvements: - Validates header values to prevent header injection - Clear warning messages when values are rejected - Four new test cases covering LF, CR, CRLF, and multiline scenarios This addresses a critical security concern where malicious headers could be injected via newline characters in header values. All 84 tests passing.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 10 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| it('validates header names and skips invalid ones', () => { | ||
| const yamlInput = `valid-header: value1 | ||
| invalid header: value2 | ||
| invalid_underscore: value3 |
There was a problem hiding this comment.
The test expects invalid_underscore to be rejected, but this conflicts with the documentation claim that underscores are permitted per RFC 7230. If underscores should be allowed, update the regex validation and modify this test case to expect the header to be accepted.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 10 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
yg1996
left a comment
There was a problem hiding this comment.
Seems there are no more changes needed.
|
Hi @actions/models team! 👋 I've implemented custom headers support for API Management integration (Azure APIM, AWS API Gateway, etc.). This feature:
The implementation addresses a common enterprise need for integrating with API Management platforms. Would appreciate your review when you have time! Thanks for maintaining this great action! 🙏 |
|
LGTM, thanks for submitting the PR. |
This change adds support for custom HTTP headers in AI inference requests, enabling integration with API Management platforms (Azure APIM, AWS API Gateway, Kong, etc.) and custom request routing/tracking.
Features:
Changes:
All 80 tests passing. Zero breaking changes.