fix: 限定下只允许注入 x- 开头的 headers

relay/adaptor/common.go

@@ -3,16 +3,17 @@ package adaptor
 import (
 	"errors"
 	"fmt"
-	"github.com/gin-gonic/gin"
-	"github.com/songquanpeng/one-api/common/client"
-	"github.com/songquanpeng/one-api/relay/meta"
 	"io"
 	"net/http"
 	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/songquanpeng/one-api/common/client"
+	"github.com/songquanpeng/one-api/relay/meta"
 )
 
 const (
-	extraRequestHeaderPrefix = "X-Oneapi-"
+	extraRequestHeaderPrefix = "X-"
 )
 
 func SetupCommonRequestHeader(c *gin.Context, req *http.Request, meta *meta.Meta) {
@@ -20,9 +21,8 @@ func SetupCommonRequestHeader(c *gin.Context, req *http.Request, meta *meta.Meta
 	req.Header.Set("Accept", c.Request.Header.Get("Accept"))
 	for key, values := range c.Request.Header {
 		if strings.HasPrefix(key, extraRequestHeaderPrefix) {
-			headerKey := strings.TrimPrefix(key, extraRequestHeaderPrefix)
 			for _, value := range values {
-				req.Header.Add(headerKey, value)
+				req.Header.Add(key, value)
 			}
 		}
 	}

relay/adaptor/common_test.go

@@ -17,7 +17,7 @@ func TestSetupCommonRequestHeader(t *testing.T) {
 	}
 	c.Request.Header.Set("Content-Type", "application/json")
 	c.Request.Header.Set("Accept", "application/json")
-	c.Request.Header.Set("x-oneapi-test-header", "test-value")
+	c.Request.Header.Set("x-test-header", "test-value")
 
 	// 创建测试用的http请求
 	req, _ := http.NewRequest("GET", "http://example.com", nil)
@@ -33,5 +33,5 @@ func TestSetupCommonRequestHeader(t *testing.T) {
 	// 验证结果
 	assert.Equal(t, "application/json", req.Header.Get("Content-Type"))
 	assert.Equal(t, "application/json", req.Header.Get("Accept"))
-	assert.Equal(t, "test-value", req.Header.Get("test-header"))
+	assert.Equal(t, "test-value", req.Header.Get("x-test-header"))
 }