diff --git a/src/gateway/input-allowlist.ts b/src/gateway/input-allowlist.ts new file mode 100644 index 00000000000..d59b3e6265c --- /dev/null +++ b/src/gateway/input-allowlist.ts @@ -0,0 +1,9 @@ +export function normalizeInputHostnameAllowlist( + values: string[] | undefined, +): string[] | undefined { + if (!values || values.length === 0) { + return undefined; + } + const normalized = values.map((value) => value.trim()).filter((value) => value.length > 0); + return normalized.length > 0 ? normalized : undefined; +} diff --git a/src/gateway/openai-http.ts b/src/gateway/openai-http.ts index 01564f17b34..c4ffb02b148 100644 --- a/src/gateway/openai-http.ts +++ b/src/gateway/openai-http.ts @@ -28,6 +28,7 @@ import type { ResolvedGatewayAuth } from "./auth.js"; import { sendJson, setSseHeaders, writeDone } from "./http-common.js"; import { handleGatewayPostJsonEndpoint } from "./http-endpoint-helpers.js"; import { resolveGatewayRequestContext } from "./http-utils.js"; +import { normalizeInputHostnameAllowlist } from "./input-allowlist.js"; type OpenAiHttpOptions = { auth: ResolvedGatewayAuth; @@ -70,14 +71,6 @@ type ResolvedOpenAiChatCompletionsLimits = { images: InputImageLimits; }; -function normalizeHostnameAllowlist(values: string[] | undefined): string[] | undefined { - if (!values || values.length === 0) { - return undefined; - } - const normalized = values.map((value) => value.trim()).filter((value) => value.length > 0); - return normalized.length > 0 ? normalized : undefined; -} - function resolveOpenAiChatCompletionsLimits( config: GatewayHttpChatCompletionsConfig | undefined, ): ResolvedOpenAiChatCompletionsLimits { @@ -94,7 +87,7 @@ function resolveOpenAiChatCompletionsLimits( : DEFAULT_OPENAI_MAX_TOTAL_IMAGE_BYTES, images: { allowUrl: imageConfig?.allowUrl ?? DEFAULT_OPENAI_IMAGE_LIMITS.allowUrl, - urlAllowlist: normalizeHostnameAllowlist(imageConfig?.urlAllowlist), + urlAllowlist: normalizeInputHostnameAllowlist(imageConfig?.urlAllowlist), allowedMimes: normalizeMimeList(imageConfig?.allowedMimes, DEFAULT_INPUT_IMAGE_MIMES), maxBytes: imageConfig?.maxBytes ?? DEFAULT_INPUT_IMAGE_MAX_BYTES, maxRedirects: imageConfig?.maxRedirects ?? DEFAULT_INPUT_MAX_REDIRECTS, diff --git a/src/gateway/openresponses-http.ts b/src/gateway/openresponses-http.ts index 783772016ed..97a5fee3c66 100644 --- a/src/gateway/openresponses-http.ts +++ b/src/gateway/openresponses-http.ts @@ -35,6 +35,7 @@ import type { ResolvedGatewayAuth } from "./auth.js"; import { sendJson, setSseHeaders, writeDone } from "./http-common.js"; import { handleGatewayPostJsonEndpoint } from "./http-endpoint-helpers.js"; import { resolveGatewayRequestContext } from "./http-utils.js"; +import { normalizeInputHostnameAllowlist } from "./input-allowlist.js"; import { CreateResponseBodySchema, type CreateResponseBody, @@ -69,14 +70,6 @@ type ResolvedResponsesLimits = { images: InputImageLimits; }; -function normalizeHostnameAllowlist(values: string[] | undefined): string[] | undefined { - if (!values || values.length === 0) { - return undefined; - } - const normalized = values.map((value) => value.trim()).filter((value) => value.length > 0); - return normalized.length > 0 ? normalized : undefined; -} - function resolveResponsesLimits( config: GatewayHttpResponsesConfig | undefined, ): ResolvedResponsesLimits { @@ -91,11 +84,11 @@ function resolveResponsesLimits( : DEFAULT_MAX_URL_PARTS, files: { ...fileLimits, - urlAllowlist: normalizeHostnameAllowlist(files?.urlAllowlist), + urlAllowlist: normalizeInputHostnameAllowlist(files?.urlAllowlist), }, images: { allowUrl: images?.allowUrl ?? true, - urlAllowlist: normalizeHostnameAllowlist(images?.urlAllowlist), + urlAllowlist: normalizeInputHostnameAllowlist(images?.urlAllowlist), allowedMimes: normalizeMimeList(images?.allowedMimes, DEFAULT_INPUT_IMAGE_MIMES), maxBytes: images?.maxBytes ?? DEFAULT_INPUT_IMAGE_MAX_BYTES, maxRedirects: images?.maxRedirects ?? DEFAULT_INPUT_MAX_REDIRECTS,