Skip to content

fix: x-stainless-timeout allowed header #1094

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
akshaydeo merged 1 commit into from
Dec 15, 2025
Merged

fix: x-stainless-timeout allowed header #1094

akshaydeo merged 1 commit into from
Dec 15, 2025

Conversation

@qwerty-dvorak
Copy link
Contributor

@qwerty-dvorak qwerty-dvorak commented Dec 15, 2025
edited
Loading

Summary

Add support for the X-Stainless-Timeout header in CORS configuration to allow clients to specify custom timeout values.

Changes

  • Added X-Stainless-Timeout to the list of allowed headers in the CORS middleware
  • This enables clients to set custom timeout values for their requests through this header

Type of change

  • Transports (HTTP)

Affected areas

  • Core (Go)
  • Transports (HTTP)
  • Providers/Integrations
  • Plugins
  • UI (Next.js)
  • Docs

How to test

Test that the CORS middleware properly allows the X-Stainless-Timeout header:

make dev &&
curl http://localhost:8080/v1/chat/completions \
-H "Content-Type: application/json" \
-H "x-stainless-timeout: 60000" \
-d '{
  "model": "anthropic/claude-sonnet-4-5",
  "messages": [{"role": "user", "content": "Hello, Bifrost!"}]
}'

Breaking changes

  • No

Related issues

#1074

Security considerations

None

Checklist

  • I read docs/contributing/README.md and followed the guidelines
  • I added/updated tests where appropriate
  • I updated documentation where needed
  • I verified builds succeed (Go and UI)
  • I verified the CI pipeline passes locally if applicable

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Dec 15, 2025
edited
Loading

📝 Walkthrough

Summary by CodeRabbit

  • Chores
    • Updated CORS configuration to support additional request headers.

✏️ Tip: You can customize this high-level summary in your review settings.

Walkthrough

A CORS middleware configuration update adds X-Stainless-Timeout to the Access-Control-Allow-Headers response header, expanding the set of allowed headers for preflight requests alongside existing values.

Changes

Cohort / File(s) Summary
CORS header configuration
transports/bifrost-http/handlers/middlewares.go		 Added X-Stainless-Timeout to the Access-Control-Allow-Headers value in the CORS middleware response

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Single-file configuration change with no logic or control flow modifications
  • Straightforward header value addition to existing CORS policy

Poem

🐰 A rabbit hops through headers fair,
Adding timeout to the air,
CORS now broader, cross-domain delight,
One little string makes preflight right! 🎯

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main change: adding the X-Stainless-Timeout header to CORS allowed headers.
Description check ✅ Passed The description includes all required template sections with appropriate content: summary, changes, type of change, affected areas, testing instructions, breaking changes, related issues, security considerations, and completed checklist.
Docstring Coverage ✅ Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch 12-15-fix_x-stainless-timeout_allowed_header

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@qwerty-dvorak Graphite App
Copy link
Contributor Author

qwerty-dvorak commented Dec 15, 2025

This stack of pull requests is managed by Graphite. Learn more about stacking.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 15, 2025

🧪 Test Suite Available

This PR can be tested by a repository admin.

Run tests for PR #1094

@qwerty-dvorak qwerty-dvorak marked this pull request as ready for review December 15, 2025 16:40
coderabbitai[bot]
coderabbitai bot reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
transports/bifrost-http/handlers/middlewares.go (1)

31-31: CORS header update correctly permits X-Stainless-Timeout

Adding X-Stainless-Timeout to Access-Control-Allow-Headers is the right way to allow this custom header in browser requests; no functional or security issues stand out. If you anticipate more custom headers, consider centralizing the allowed-header list (e.g., a shared constant or config-driven slice) to avoid future drift across sites using this middleware.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 44f4efd and d40ea2a.

📒 Files selected for processing (1)
  • transports/bifrost-http/handlers/middlewares.go (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

always check the stack if there is one for the current PR. do not give localized reviews for the PR, always see all changes in the light of the whole stack of PRs (if there is a stack, if there is no stack you can continue to make localized suggestions/reviews)

Files:

  • transports/bifrost-http/handlers/middlewares.go
🧠 Learnings (2)
📚 Learning: 2025-12-09T17:07:42.007Z 
Learnt from: qwerty-dvorak
Repo: maximhq/bifrost PR: 1006
File: core/schemas/account.go:9-18
Timestamp: 2025-12-09T17:07:42.007Z
Learning: In core/schemas/account.go, the HuggingFaceKeyConfig field within the Key struct is currently unused and reserved for future Hugging Face inference endpoint deployments. Do not flag this field as missing from OpenAPI documentation or require its presence in the API spec until the feature is actively implemented and used. When the feature is added, update the OpenAPI docs accordingly; otherwise, treat this field as non-breaking and not part of the current API surface.

Applied to files:

  • transports/bifrost-http/handlers/middlewares.go
📚 Learning: 2025-12-12T08:25:02.629Z 
Learnt from: Pratham-Mishra04
Repo: maximhq/bifrost PR: 1000
File: transports/bifrost-http/integrations/router.go:709-712
Timestamp: 2025-12-12T08:25:02.629Z
Learning: In transports/bifrost-http/**/*.go, update streaming response handling to align with OpenAI Responses API: use typed SSE events such as response.created, response.output_text.delta, response.done, etc., and do not rely on the legacy data: [DONE] termination marker. Note that data: [DONE] is only used by the older Chat Completions and Text Completions streaming APIs. Ensure parsers, writers, and tests distinguish SSE events from the [DONE] sentinel and handle each event type accordingly for correct stream termination and progress updates.

Applied to files:

  • transports/bifrost-http/handlers/middlewares.go

@akshaydeo akshaydeo merged commit 60be211 into main Dec 15, 2025
11 checks passed
@akshaydeo akshaydeo deleted the 12-15-fix_x-stainless-timeout_allowed_header branch December 15, 2025 17:03
@JadeGeek
Copy link

JadeGeek commented Dec 16, 2025

great response! you guys are so quick! after test the newest version, still got the similar problem, and got the bug fixed as follow:

				ctx.Response.Header.Set(
					"Access-Control-Allow-Headers",
					"Content-Type, Authorization, X-Requested-With, X-Stainless-Timeout, x-stainless-os, x-stainless-runtime-version, x-stainless-package-version, x-stainless-runtime, x-stainless-arch, x-stainless-retry-count, x-stainless-lang",
				)

will you guys make another patch into next release?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@qwerty-dvorak @JadeGeek @akshaydeo