Skip to content

fix(providers): omit Authorization header for keyless providers (Ollama)#239

Open
fuleinist wants to merge 1 commit into
404-PF:mainfrom
fuleinist:fix/ollama-api-key-required-despite-needingApiKey-false
Open

fix(providers): omit Authorization header for keyless providers (Ollama)#239
fuleinist wants to merge 1 commit into
404-PF:mainfrom
fuleinist:fix/ollama-api-key-required-despite-needingApiKey-false

Conversation

@fuleinist

@fuleinist fuleinist commented Jul 16, 2026

Copy link
Copy Markdown

Summary

  • The OpenAICompatibleProvider.complete() and completeStream() methods unconditionally set the Authorization: Bearer <apiKey> header, even when apiKey is an empty string
  • This causes failures for keyless providers like Ollama (needsApiKey: false), where the empty bearer token is sent in the request header
  • The fetchModels() method already handled this correctly by conditionally setting the header only when apiKey is truthy — this fix applies the same pattern to complete() and completeStream()

Root Cause

When using Ollama (or any provider with needsApiKey: false), assertApiKeyAvailable() correctly returns an empty string. However, the OpenAICompatibleProvider still sends Authorization: Bearer (with an empty token) in the request headers. This causes issues with Ollama's server, which rejects the malformed Authorization header.

Fix

Apply the same conditional header pattern already used in fetchModels():

const headers: Record<string, string> = {
  'Content-Type': 'application/json',
};
if (apiKey) {
  headers['Authorization'] = `Bearer ${apiKey}`;
}

This is done in both complete() and completeStream().

Test Plan

  • Added test: OpenAICompatibleProvider complete omits Authorization header when apiKey is empty (Ollama)
  • Added test: OpenAICompatibleProvider completeStream omits Authorization header when apiKey is empty (Ollama)
  • All existing provider adapter tests pass (16/16)
  • All API key validation tests pass (6/6)
  • Build succeeds with npm run build

Fixes #234

Summary by CodeRabbit

  • Bug Fixes
    • Improved compatibility with providers that do not require an API key.
    • Requests now omit the authorization header when no API key is configured.
    • Streaming and non-streaming responses continue to parse and return correctly.

@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The OpenAI-compatible provider now conditionally sends Authorization headers for regular and streaming requests. Tests verify keyless Ollama-style requests omit the header while preserving JSON and SSE response parsing.

Changes

OpenAI-compatible authentication

Layer / File(s) Summary
Conditional headers and keyless response coverage
src/providers/openai-compatible.ts, tests/providers/provider-adapters.test.mjs
Both completion paths build typed headers and add Authorization only when an API key is present. Tests cover keyless non-streaming and streaming responses.

Estimated code review effort: 2 (Simple) | ~10 minutes

Suggested reviewers: 404-page-found

Poem

A rabbit twitched its whiskers bright,
“No key!” it cheered, “the path is right.”
JSON hops and stream chunks flow,
No empty token tags them so.
Ollama nibbles carrots with delight.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: omitting Authorization for keyless Ollama-compatible providers.
Linked Issues check ✅ Passed The change addresses #234 by allowing empty apiKey requests to omit Authorization, which is the blocker for keyless Ollama usage.
Out of Scope Changes check ✅ Passed Changes stay within the provider and tests needed for the Ollama keyless-auth fix.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

The OpenAICompatibleProvider.complete() and completeStream() methods
unconditionally set the 'Authorization: Bearer <apiKey>' header, even when
apiKey is an empty string (as happens for Ollama, which has needsApiKey: false).

This caused Ollama requests to fail because the empty bearer token was sent
in the Authorization header. The fetchModels() method already handled this
correctly by conditionally setting the header only when apiKey is truthy.

This fix applies the same conditional pattern to complete() and completeStream(),
matching the existing behavior of fetchModels(). Two tests are added to verify
that the Authorization header is omitted when apiKey is empty, for both the
complete and completeStream code paths.

Fixes 404-PF#234
@fuleinist fuleinist force-pushed the fix/ollama-api-key-required-despite-needingApiKey-false branch from 5651312 to 6bf117e Compare July 16, 2026 01:15
@404-Page-Found

Copy link
Copy Markdown
Contributor

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Nice work!

Reviewed commit: 6bf117e27d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Ollama provider requires OLLAMA_API_KEY despite needingApiKey: false

2 participants