diff --git a/litellm/proxy/auth/auth_utils.py b/litellm/proxy/auth/auth_utils.py index 9a6fc95f14..567b8307af 100644 --- a/litellm/proxy/auth/auth_utils.py +++ b/litellm/proxy/auth/auth_utils.py @@ -216,22 +216,26 @@ _EXTRA_BANNED_OBSERVABILITY_PARAMS: FrozenSet[str] = frozenset( def _build_banned_observability_params() -> FrozenSet[str]: """Derive the observability ban list from the canonical allowlist. - ``_supported_callback_params`` in + ``_supported_callback_params`` and ``_request_blocked_callback_params`` in ``litellm/litellm_core_utils/initialize_dynamic_callback_params.py`` is - the single place that enumerates every observability field - integrations resolve from kwargs/metadata. Subtract the small set of - informational fields (``_SAFE_CLIENT_CALLBACK_PARAMS``) and union with - the extras the canonical allowlist hasn't caught up to yet. New - integrations added to the canonical allowlist are banned by default, - which is the safe failure mode. + the single place that enumerates every observability field integrations + resolve from kwargs/metadata, plus fields that integration code explicitly + blocks from request-supplied callback params. Subtract the small set of + informational fields (``_SAFE_CLIENT_CALLBACK_PARAMS``) and union with the + extras the canonical allowlist hasn't caught up to yet. New integrations + added to the canonical allowlist are banned by default, which is the safe + failure mode. """ from litellm.litellm_core_utils.initialize_dynamic_callback_params import ( + _request_blocked_callback_params, _supported_callback_params, ) return ( - frozenset(_supported_callback_params) - _SAFE_CLIENT_CALLBACK_PARAMS - ) | _EXTRA_BANNED_OBSERVABILITY_PARAMS + (frozenset(_supported_callback_params) - _SAFE_CLIENT_CALLBACK_PARAMS) + | frozenset(_request_blocked_callback_params) + | _EXTRA_BANNED_OBSERVABILITY_PARAMS + ) _BANNED_REQUEST_BODY_PARAMS: Tuple[str, ...] = ( 
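Review bot: The precedence in the new return expression is security-relevant but undocumented: `_SAFE_CLIENT_CALLBACK_PARAMS` is subtracted only from `_supported_callback_params`, and `_request_blocked_callback_params` and `_EXTRA_BANNED_OBSERVABILITY_PARAMS` are unioned afterwards, so a name listed as "safe" can never re-allow an explicitly blocked field — ban wins. A comment above the `return (` would keep a future reorder from flipping that, e.g. `# Subtraction applies only to the canonical allowlist; the explicit block list and the extras are unioned afterwards, so nothing in _SAFE_CLIENT_CALLBACK_PARAMS can re-allow them.` The updated docstring also reads "``_supported_callback_params`` and ``_request_blocked_callback_params`` in ... is the single place", which no longer agrees with its two subjects; `are the two places that enumerate` fits the new wording. The function-local import is presumably there to avoid an import cycle with the core utils module — if so, a one-line why-comment on it would help, but I cannot confirm that from this hunk.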
diff --git a/tests/test_litellm/proxy/auth/test_auth_utils.py b/tests/test_litellm/proxy/auth/test_auth_utils.py index 7c04a4f61f..d1a9d6e893 100644 --- a/tests/test_litellm/proxy/auth/test_auth_utils.py +++ b/tests/test_litellm/proxy/auth/test_auth_utils.py @@ -1493,6 +1493,7 @@ def test_observability_ban_covers_canonical_supported_callback_params(): safe is an explicit decision recorded in ``_SAFE_CLIENT_CALLBACK_PARAMS``.""" from litellm.litellm_core_utils.initialize_dynamic_callback_params import ( + _request_blocked_callback_params, _supported_callback_params, ) from litellm.proxy.auth.auth_utils import ( @@ -1508,3 +1509,8 @@ def test_observability_ban_covers_canonical_supported_callback_params(): f"informational per-request field; otherwise the derivation will " f"ban it automatically." ) + for param in _request_blocked_callback_params: + assert param in banned, ( + f"{param} is in _request_blocked_callback_params but is not banned " + "at the proxy request-body boundary." + )
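Review bot: The added loop proves every entry of `_request_blocked_callback_params` ends up in `banned`, but it cannot surface a name that sits in both `_request_blocked_callback_params` and `_SAFE_CLIENT_CALLBACK_PARAMS`: the derivation resolves that conflict to banned by construction, so the test passes while the "safe" entry is silently dead. A disjointness check next to the loop makes that contradiction a test failure instead of a hidden decision, e.g. `assert not (_SAFE_CLIENT_CALLBACK_PARAMS & frozenset(_request_blocked_callback_params)), "a param cannot be both client-safe and request-blocked"`, assuming `_SAFE_CLIENT_CALLBACK_PARAMS` is among the names imported from `auth_utils` in the truncated import just above (the earlier hunk cuts it off). The enclosing test function `test_observability_ban_covers_canonical_supported_callback_params` starts before this hunk.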