From e0529197cd97997ec2f5bd32fb928620e111fa7e Mon Sep 17 00:00:00 2001
From: gronon
Date: Sat, 6 May 2023 12:22:05 +0000
Subject: [PATCH] Prevent leaking OpenAI organization-ids in error responses (khanon/oai-reverse-proxy!5)
---
 src/proxy/middleware/response/index.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/proxy/middleware/response/index.ts b/src/proxy/middleware/response/index.ts
index 87c87c0..40f5b19 100644
--- a/src/proxy/middleware/response/index.ts
+++ b/src/proxy/middleware/response/index.ts
@@ -292,6 +292,9 @@ const handleDownstreamErrors: ProxyResHandlerWithBody = async (
 } else {
 errorPayload.proxy_note = `Unrecognized error from OpenAI.`;
 }
+
+ // Don't leak the org id outside the proxy
+ errorPayload.message.replace(/org-.{24}/gm, "org-xxxxxxxxxxxxxxxxxxx");
 res.status(statusCode).json(errorPayload);
 throw new Error(errorPayload.error?.message);
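Review bot: The added `errorPayload.message.replace(...)` line discards its result, so the redaction is a no-op: `String.prototype.replace` returns a new string, and `res.status(statusCode).json(errorPayload)` still sends the organization id to the client. The `throw` two lines later reads `errorPayload.error?.message`, which suggests the text sits under `error`; if `errorPayload.message` is undefined, the new line throws a TypeError before any response is written. Assign the result back on the field that is serialized and guard its type: `const msg = errorPayload.error?.message;` then `if (typeof msg === "string") errorPayload.error.message = msg.replace(/org-.{24}/g, "org-xxxxxxxxxxxxxxxxxxx");`. A test asserting that the JSON body contains no `org-` identifier would catch a regression here. The body of `handleDownstreamErrors` starts and ends outside the hunk, so other response paths could not be checked.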