fix: remove authorization header from frontend (#781)

knudtty · web-flow · commit 5b48f044a156 · 2025-04-28T11:57:29.000+02:00
diff --git a/packages/api/src/routers/api/clickhouseProxy.ts b/packages/api/src/routers/api/clickhouseProxy.ts
@@ -69,6 +69,11 @@ const getConnection: RequestHandler =
   // prettier-ignore-next-line
   async (req, res, next) => {
     try {
+      if (req.headers['authorization'] === 'Basic Og==') {
+        // this means username & password === 0, which indicates we must be
+        // doing some other authorization mechanism (probably connection_id)
+        delete req.headers['authorization'];
+      }
       const { teamId } = getNonNullUserWithTeam(req);
       const connection_id = req.headers['x-hyperdx-connection-id']!; // ! because zod already validated
       delete req.headers['x-hyperdx-connection-id'];
diff --git a/packages/common-utils/src/clickhouse.ts b/packages/common-utils/src/clickhouse.ts
@@ -455,6 +455,8 @@ export class ClickhouseClient {
             wait_end_of_query: 0,
             cancel_http_readonly_queries_on_client_close: 1,
           },
+          username: '',
+          password: '',
           compression: {
             response: true,
           },
