fix(proxy): include request-blocked callback params in auth bans

2026-05-04 16:54:04 -07:00 · 2026-05-04 16:54:04 -07:00 · abcf204d38
commit abcf204d38
parent 6a3f6b47de
2 changed files with 19 additions and 9 deletions
--- a/litellm/proxy/auth/auth_utils.py
+++ b/litellm/proxy/auth/auth_utils.py
@ -216,22 +216,26 @@ _EXTRA_BANNED_OBSERVABILITY_PARAMS: FrozenSet[str] = frozenset(
 def _build_banned_observability_params() -> FrozenSet[str]:
    """Derive the observability ban list from the canonical allowlist.

-    ``_supported_callback_params`` in
+    ``_supported_callback_params`` and ``_request_blocked_callback_params`` in
    ``litellm/litellm_core_utils/initialize_dynamic_callback_params.py`` is
-    the single place that enumerates every observability field
-    integrations resolve from kwargs/metadata. Subtract the small set of
-    informational fields (``_SAFE_CLIENT_CALLBACK_PARAMS``) and union with
-    the extras the canonical allowlist hasn't caught up to yet. New
-    integrations added to the canonical allowlist are banned by default,
-    which is the safe failure mode.
+    the single place that enumerates every observability field integrations
+    resolve from kwargs/metadata, plus fields that integration code explicitly
+    blocks from request-supplied callback params. Subtract the small set of
+    informational fields (``_SAFE_CLIENT_CALLBACK_PARAMS``) and union with the
+    extras the canonical allowlist hasn't caught up to yet. New integrations
+    added to the canonical allowlist are banned by default, which is the safe
+    failure mode.
    """
    from litellm.litellm_core_utils.initialize_dynamic_callback_params import (
+        _request_blocked_callback_params,
        _supported_callback_params,
    )

    return (
-        frozenset(_supported_callback_params) - _SAFE_CLIENT_CALLBACK_PARAMS
-    ) | _EXTRA_BANNED_OBSERVABILITY_PARAMS
+        (frozenset(_supported_callback_params) - _SAFE_CLIENT_CALLBACK_PARAMS)
+        | frozenset(_request_blocked_callback_params)
+        | _EXTRA_BANNED_OBSERVABILITY_PARAMS
+    )


 _BANNED_REQUEST_BODY_PARAMS: Tuple[str, ...] = (
--- a/tests/test_litellm/proxy/auth/test_auth_utils.py
+++ b/tests/test_litellm/proxy/auth/test_auth_utils.py
@ -1493,6 +1493,7 @@ def test_observability_ban_covers_canonical_supported_callback_params():
    safe is an explicit decision recorded in
    ``_SAFE_CLIENT_CALLBACK_PARAMS``."""
    from litellm.litellm_core_utils.initialize_dynamic_callback_params import (
+        _request_blocked_callback_params,
        _supported_callback_params,
    )
    from litellm.proxy.auth.auth_utils import (
@ -1508,3 +1509,8 @@ def test_observability_ban_covers_canonical_supported_callback_params():
            f"informational per-request field; otherwise the derivation will "
            f"ban it automatically."
        )
+    for param in _request_blocked_callback_params:
+        assert param in banned, (
+            f"{param} is in _request_blocked_callback_params but is not banned "
+            "at the proxy request-body boundary."
+        )