Skip to content

Respect existing Authorization header in web_fetch (case-insensitive)#9

Open
GopiB9119 wants to merge 1 commit into
mainfrom
codex/find-and-fix-a-bug-in-codebase
Open

Respect existing Authorization header in web_fetch (case-insensitive)#9
GopiB9119 wants to merge 1 commit into
mainfrom
codex/find-and-fix-a-bug-in-codebase

Conversation

@GopiB9119

@GopiB9119 GopiB9119 commented Apr 24, 2026
edited by devin-ai-integration Bot
Loading

Copy link
Copy Markdown
Owner

Motivation

  • Prevent web_fetch from auto-injecting or overriding an Authorization header when the caller already provided one in any casing.

Description

  • Perform a case-insensitive check for an existing Authorization header before injecting the bearer token and add a regression test that ensures a lowercase authorization header supplied by the caller is preserved.

Testing

  • Ran pytest -q agent/agent/tests/test_web_tools.py and full test suite pytest -q, and both completed successfully (tests passed).

Codex Task

Open in Devin Review

Copilot AI review requested due to automatic review settings April 24, 2026 17:13
@GopiB9119 GopiB9119 enabled auto-merge April 24, 2026 17:15
devin-ai-integration[bot]
devin-ai-integration Bot reviewed Apr 24, 2026
View reviewed changes

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 1 additional finding.

Open in Devin Review

Copilot AI reviewed Apr 24, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates web_fetch to avoid injecting/overriding an Authorization header when the caller already provided one, regardless of header name casing.

Changes:

  • Detect an existing Authorization header case-insensitively before adding the bearer token.
  • Add a regression test ensuring a caller-supplied lowercase authorization header is preserved.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
agent/agent/web_tools.py Adds a case-insensitive check for an existing Authorization header prior to bearer injection.
agent/agent/tests/test_web_tools.py Adds a regression test for preserving a caller-provided authorization header.

Comment thread agent/agent/tests/test_web_tools.py
@GopiB9119 GopiB9119 requested review from Copilot and removed request for Copilot April 24, 2026 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@GopiB9119