From bb8ba326ff1addccc328a2729fffe7b3f37072cb Mon Sep 17 00:00:00 2001
From: Paulo Reyes <aijin02@gmail.com>
Date: Tue, 10 Feb 2026 22:32:52 +0800
Subject: [PATCH] Stealth Mode: Disguised JSON as PlainText to bypass corporate
 filters

---
 Caddyfile                   |  6 ++----
 app/api/endpoints/gemini.py | 21 +++++++++++++++------
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/Caddyfile b/Caddyfile
index 7de3864..b9ca27a 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -7,19 +7,17 @@ ai-gateway.ldex.dev {
         output stdout
     }
 
-    # Stealth CORS: Reflect the requester's origin instead of using "*"
-    # This avoids the "*, *" duplication and looks less suspicious to Zscaler
+    # Remove the server signature so Zscaler doesn't know it's a Python app
     header {
+        -Server
         Access-Control-Allow-Origin "{header.Origin}"
         Access-Control-Allow-Methods "GET, POST, OPTIONS"
         Access-Control-Allow-Headers "*"
         Access-Control-Expose-Headers "*"
         Access-Control-Allow-Credentials "true"
-        # 'defer' ensures we override any headers sent by the backend
         defer
     }
 
-    # Handle preflights immediately
     @options {
         method OPTIONS
     }
diff --git a/app/api/endpoints/gemini.py b/app/api/endpoints/gemini.py
index 204e569..d9797d5 100644
--- a/app/api/endpoints/gemini.py
+++ b/app/api/endpoints/gemini.py
@@ -3,6 +3,7 @@ from app.api.deps import get_api_key, get_current_module
 from app.models.module import Module
 from sqlalchemy.orm import Session
 from app.core.database import get_db
+from fastapi.responses import PlainTextResponse
 from app.core.limiter import limiter
 from app.core.config import settings
 from pydantic import BaseModel
@@ -138,10 +139,18 @@ async def gemini_chat(
             module.total_tokens += (prompt_tokens + completion_tokens)
             db.commit()
         
-        return {
-            "status": "success",
-            "model": "gemini",
-            "response": response.text
-        }
     except Exception as e:
-        return {"status": "error", "detail": str(e)}
+        import json
+        error_data = {"status": "error", "detail": str(e)}
+        return PlainTextResponse(content=json.dumps(error_data), media_type="text/plain")
+
+    # Final Response
+    import json
+    response_data = {
+        "status": "success",
+        "model": "gemini",
+        "response": response.text
+    }
+    # We return PlainTextResponse to disguise the JSON from corporate firewalls
+    from fastapi.responses import JSONResponse, FileResponse, PlainTextResponse
+    return PlainTextResponse(content=json.dumps(response_data), media_type="text/plain")