continue icon indicating copy to clipboard operation
continue copied to clipboard
verified publisher icon continuedev

openai-adapters: allow overriding authorization header

Open visadb opened this issue 2 months ago • 0 comments

Description

Enable overriding OpenAI client's Authorization header by removing it if the user provides a custom authorization header with requestOptions: { headers: { Authorization: Basic ... } }

OpenAI client will always send an Authorization: Bearer header since apiKey is a mandatory parameter. Previously, both the OpenAI header and the custom header were sent, breaking at least vLLM set up with basic auth. And it seems like multiple Authorization headers is a breach of the HTTP RFC specs, so there should be no justifiable use case to send more than one.

This is try 2 after https://github.com/continuedev/continue/pull/7803 failed to fix the issue. This time I had time to set up a development environment and actually test that the fixed IntelliJ IDEA plugin works against my Basic authenticated vLLM instance.

AI Code Review

  • Team members only: AI review runs automatically when PR is opened or marked ready for review
  • Team members can also trigger a review by commenting @continue-review

Checklist

  • [X] I've read the contributing guide
  • [X] The relevant docs, if any, have been updated or created
  • [X] The relevant tests, if any, have been updated or created

Screen recording or screenshot

This is what headers used to look like before this fix:

...
Authorization: Bearer
Authorization: Basic <my-credentials>
...

And now the Authorization: Bearer one is removed if a custom authorization header is provided.

Tests

I couldn't find an appropriate place to test this customFetch function for its authorization header behaviour. Testing suggestions are welcome!

Summary by cubic

Allows a custom Authorization header to replace the default Bearer header in openai-adapters, fixing duplicate headers and restoring compatibility with Basic-auth setups like vLLM. Prevents sending multiple Authorization headers.

  • Bug Fixes
    • Removes the default Bearer header when requestOptions.headers includes Authorization.
    • Handles Headers, array, and object header formats when stripping the header.

Written for commit 6ad933052d590a6237cf878e9851ee45df18631b. Summary will update automatically on new commits.

visadb avatar Nov 11 '25 09:11 visadb