Skip to content

fix: Pass Google AI API key in HTTP header, not query param#3192

Merged
jamadeo merged 1 commit intoblock:mainfrom
SalvatoreT:salvatoret/3191/google-ai-use-http-header
Jul 2, 2025
Merged

fix: Pass Google AI API key in HTTP header, not query param#3192
jamadeo merged 1 commit intoblock:mainfrom
SalvatoreT:salvatoret/3191/google-ai-use-http-header

Conversation

@SalvatoreT
Copy link
Contributor

@SalvatoreT SalvatoreT commented Jul 1, 2025

Sometimes the Google AI HTTP query is logged. If the key is a query param then it'll be visible to the user.

Closes #3191

jamadeo
jamadeo approved these changes Jul 1, 2025
View reviewed changes
Copy link
Collaborator

@jamadeo jamadeo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thank you @SalvatoreT . Just needs cargo fmt.

@SalvatoreT
fix: Pass Google AI API key in HTTP header, not query param
7460663 
Sometimes the Google AI HTTP query is logged. If the key is a query
param then it'll be visible to the user.
@SalvatoreT SalvatoreT force-pushed the salvatoret/3191/google-ai-use-http-header branch from 58844cb to 7460663 Compare July 1, 2025 20:29
@SalvatoreT
Copy link
Contributor Author

SalvatoreT commented Jul 1, 2025

@jamadeo, done!

@SalvatoreT SalvatoreT requested a review from jamadeo July 1, 2025 20:33
@jamadeo jamadeo merged commit ecbd719 into block:main Jul 2, 2025
6 checks passed
@SalvatoreT SalvatoreT deleted the salvatoret/3191/google-ai-use-http-header branch July 2, 2025 13:40
wpfleger96 added a commit to wpfleger96/goose that referenced this pull request Jul 2, 2025
@wpfleger96
Merge branch 'main' into wpfleger/run-sub-recipes-from-github
c2f81a2 
* main:
  fix: Pass Google AI API key in HTTP header, not query param (block#3192)
  docs: add linter to CONTRIBUTING.md (block#3168)
  feat: Structured output for recipes (block#3188)
  Fix cost tracking accuracy and OpenRouter model pricing (block#3189)
  docs: update cli install instructions for windows (block#3205)
  Docs: Cost tracking on the desktop app (block#3204)
  feat: Adding streamable-http transport support for backend, desktop and cli (block#2942)
  fix: use the correct `contains` syntax on create-recipe-pr.yml (block#3193)
AaronGoldsmith added a commit to AaronGoldsmith/goose that referenced this pull request Jul 2, 2025
@AaronGoldsmith
Merge branch 'main' into ag/feat-desktop-recipe-params
04bf72c 
* main: (37 commits)
  fix: fix desktop recipe url generation (block#3209)
  feat: improve UX for saving recipes (block#3214)
  fix: Pass Google AI API key in HTTP header, not query param (block#3192)
  docs: add linter to CONTRIBUTING.md (block#3168)
  feat: Structured output for recipes (block#3188)
  Fix cost tracking accuracy and OpenRouter model pricing (block#3189)
  docs: update cli install instructions for windows (block#3205)
  Docs: Cost tracking on the desktop app (block#3204)
  feat: Adding streamable-http transport support for backend, desktop and cli (block#2942)
  fix: use the correct `contains` syntax on create-recipe-pr.yml (block#3193)
  Temporarily Remove GH Copilot Provider  (block#3199)
  docs: fix tab navigation (block#3201)
  feat: use tiktoken-rs instead of tokenizers, single global tokenizer (block#3115)
  add playwright-mcp server to extensions list (block#3010)
  Add `/extension` path for extension installation (block#3011)
  feat(desktop): Prioritize suffix when truncating path in header (block#3110)
  chore(release): release version 1.0.31 (block#3185)
  feat: additional sub recipes via command line (block#3163)
  Add Internal Recipes To Recipes Cookbook (block#3179)
  pipe the argument to storage (block#3184)
  ...
baxen added a commit to Developerayo/goose that referenced this pull request Jul 2, 2025
@baxen
Merge branch 'main' into feat/theme/persist
b2e8ddf 
* main: (150 commits)
  Defend against invalid sessions (block#3229)
  Clean up session file optionality for --no-session (block#3230)
  Feat: Support Recipe Parameters in Goose desktop app (block#3155)
  docs: update recipe example (block#3222)
  Add native OAuth 2.0 authentication support to MCP client (block#3213)
  build: Check in Cargo.lock changes (block#3220)
  fix: fix desktop recipe url generation (block#3209)
  feat: improve UX for saving recipes (block#3214)
  fix: Pass Google AI API key in HTTP header, not query param (block#3192)
  docs: add linter to CONTRIBUTING.md (block#3168)
  feat: Structured output for recipes (block#3188)
  Fix cost tracking accuracy and OpenRouter model pricing (block#3189)
  docs: update cli install instructions for windows (block#3205)
  Docs: Cost tracking on the desktop app (block#3204)
  feat: Adding streamable-http transport support for backend, desktop and cli (block#2942)
  fix: use the correct `contains` syntax on create-recipe-pr.yml (block#3193)
  Temporarily Remove GH Copilot Provider  (block#3199)
  docs: fix tab navigation (block#3201)
  feat: use tiktoken-rs instead of tokenizers, single global tokenizer (block#3115)
  add playwright-mcp server to extensions list (block#3010)
  ...
jsibbison-square added a commit that referenced this pull request Jul 2, 2025
@jsibbison-square
Merge remote-tracking branch 'origin/main' into jsibbison-20250702-ma…
4bd6c9b 
…x-turns

* origin/main:
  Defend against invalid sessions (#3229)
  Clean up session file optionality for --no-session (#3230)
  Feat: Support Recipe Parameters in Goose desktop app (#3155)
  docs: update recipe example (#3222)
  Add native OAuth 2.0 authentication support to MCP client (#3213)
  build: Check in Cargo.lock changes (#3220)
  fix: fix desktop recipe url generation (#3209)
  feat: improve UX for saving recipes (#3214)
  fix: Pass Google AI API key in HTTP header, not query param (#3192)
  docs: add linter to CONTRIBUTING.md (#3168)
@chaitanyarahalkar chaitanyarahalkar mentioned this pull request Jul 5, 2025
Open
atarantino pushed a commit to atarantino/goose that referenced this pull request Jul 14, 2025
@SalvatoreT @atarantino
fix: Pass Google AI API key in HTTP header, not query param (block#3192)
12eff7c 
Signed-off-by: Adam Tarantino <tarantino.adam@gmail.com>
s-soroosh pushed a commit to s-soroosh/goose that referenced this pull request Jul 18, 2025
@SalvatoreT @s-soroosh
fix: Pass Google AI API key in HTTP header, not query param (block#3192)
5f10695 
Signed-off-by: Soroosh <soroosh.sarabadani@gmail.com>
kwsantiago pushed a commit to kwsantiago/goose that referenced this pull request Jul 19, 2025
@SalvatoreT @kwsantiago
fix: Pass Google AI API key in HTTP header, not query param (block#3192)
348a3b0 
Signed-off-by: Kyle Santiago <kyle@privkey.io>
cbruyndoncx pushed a commit to cbruyndoncx/goose that referenced this pull request Jul 20, 2025
@SalvatoreT
fix: Pass Google AI API key in HTTP header, not query param (block#3192)
99e0d54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamadeo jamadeo jamadeo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Failed Google/Gemini API requests show the API key in the output

2 participants

@SalvatoreT @jamadeo