fix: strip hop-by-hop headers from bidirectional response#7
Conversation
Forwarding cm2's Transfer-Encoding/Connection/Keep-Alive headers back through the Lambda Function URL caused Step Functions HTTP Invoke to hang for 60s waiting for chunked-stream framing it does not support. Filter the RFC 7230 hop-by-hop set plus Content-Length/Content-Encoding before send_task_success.
There was a problem hiding this comment.
Code Review
This pull request introduces a mechanism to filter out hop-by-hop headers from proxy responses by defining a HOP_BY_HOP_HEADERS set and a filter_response_headers helper function. The feedback suggests adding the common 'proxy-connection' header to the filtered set to prevent potential connection issues, and adding a defensive check to handle cases where the input headers might be None or empty.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| HOP_BY_HOP_HEADERS = frozenset( | ||
| { | ||
| "connection", | ||
| "keep-alive", | ||
| "proxy-authenticate", | ||
| "proxy-authorization", | ||
| "te", | ||
| "trailer", | ||
| "transfer-encoding", | ||
| "upgrade", | ||
| "content-length", | ||
| "content-encoding", | ||
| } | ||
| ) |
There was a problem hiding this comment.
The non-standard but widely used Proxy-Connection header behaves similarly to the standard Connection header and is often sent by older proxies or clients. To prevent potential hanging or connection issues, it is safer to include "proxy-connection" in the set of hop-by-hop headers to be filtered out.
| HOP_BY_HOP_HEADERS = frozenset( | |
| { | |
| "connection", | |
| "keep-alive", | |
| "proxy-authenticate", | |
| "proxy-authorization", | |
| "te", | |
| "trailer", | |
| "transfer-encoding", | |
| "upgrade", | |
| "content-length", | |
| "content-encoding", | |
| } | |
| ) | |
| HOP_BY_HOP_HEADERS = frozenset( | |
| { | |
| "connection", | |
| "keep-alive", | |
| "proxy-authenticate", | |
| "proxy-authorization", | |
| "proxy-connection", | |
| "te", | |
| "trailer", | |
| "transfer-encoding", | |
| "upgrade", | |
| "content-length", | |
| "content-encoding", | |
| } | |
| ) |
| def filter_response_headers(headers): | ||
| return {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP_HEADERS} |
There was a problem hiding this comment.
To ensure robustness and adhere to defensive programming practices, it is safer to handle cases where headers might be None or empty (for example, in unit tests or mock environments) by returning an empty dictionary early.
| def filter_response_headers(headers): | |
| return {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP_HEADERS} | |
| def filter_response_headers(headers): | |
| if not headers: | |
| return {} | |
| return {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP_HEADERS} |
Forwarding cm2's Transfer-Encoding/Connection/Keep-Alive headers back through the Lambda Function URL caused Step Functions HTTP Invoke to hang for 60s waiting for chunked-stream framing it does not support. Filter the RFC 7230 hop-by-hop set plus Content-Length/Content-Encoding before send_task_success.