Honor publisher Host override and bypass IO for SVG assets

[ChristianPavilonis]

Summary

• Thread publisher origin Host header overrides through the platform backend abstraction.
• Ensure Fastly dynamic backends call override_host when publisher.origin_host_header_override is configured.
• Keep integration, asset, and generic proxy backend registrations unchanged by using no override.
• Bypass Fastly Image Optimizer for SVG asset requests when either the incoming path or rewritten target path ends in .svg/.svgz.

Changes

File	Change
crates/trusted-server-core/src/platform/types.rs	Added optional host_header_override to PlatformBackendSpec.
crates/trusted-server-core/src/publisher.rs	Passes publisher.origin_host_header_override when registering the publisher origin backend.
crates/trusted-server-adapter-fastly/src/platform.rs	Wires PlatformBackendSpec::host_header_override into BackendConfig::host_header_override; adds override-aware backend name test.
crates/trusted-server-core/src/integrations/mod.rs	Sets no host override for integration backends.
crates/trusted-server-core/src/integrations/datadome/protection.rs	Sets no host override for DataDome protection backend.
crates/trusted-server-core/src/proxy.rs	Sets no host override for asset and signed proxy backends; skips Image Optimizer for incoming SVG paths even when route rewrites remove the extension.
crates/trusted-server-core/src/platform/test_support.rs	Updates test backend spec construction for the new field.

Closes

Closes #786
Closes #789

Test plan

• cargo test --workspace
• cargo clippy --workspace --all-targets --all-features -- -D warnings
• cargo fmt --all -- --check
• JS tests: cd crates/js/lib && npx vitest run
• JS format: cd crates/js/lib && npm run format
• Docs format: cd docs && npm run format
• WASM build: cargo build --package trusted-server-adapter-fastly --release --target wasm32-wasip1
• Manual testing: verified deployed SVG logo loads after bypassing Image Optimizer
• Other: Not run; Rust-only change.

Checklist

• Changes follow CLAUDE.md conventions
• No unwrap() in production code — use expect("should ...")
• Uses logging macros (not println!)
• New code has tests
• No secrets or credentials committed

[ChristianPavilonis]

Follow-up after testing the deployed branch: the first patch deployed as x-ts-version: 281 still produced the origin 404. I found an additional Host handling issue in the Fastly request conversion path: edge_request_to_fastly() constructed a Fastly request from the absolute origin URL, then appended forwarded headers. If Fastly had already populated Host/authority from the URL, appending the configured Host could leave the backend host in effect. The latest commit replaces the URL-derived Host header instead of appending a duplicate and adds a targeted test for that conversion behavior. Please redeploy latest branch commit 65a475c9.

[aram356]

Summary

Correct, well-tested, and CI-green. The publisher Host-override is implemented through the right mechanism — origin_host_header_override → PlatformBackendSpec.host_header_override → BackendConfig::ensure() → Backend::override_host(...), which the Fastly SDK documents as forcing the outbound Host. The SVG Image Optimizer bypass is a genuine correctness fix with a focused regression test. No blocking issues; two non-blocking suggestions (inline) to make intent explicit and add the unit-testable half of the override coverage.

Non-blocking

♻️ refactor

• Document the Host set_header normalization — it's defensive only; the wire Host is forced by the backend's override_host, and it applies to every backend, not just the publisher origin. (crates/trusted-server-adapter-fastly/src/platform.rs:312 — suggestion inline)
• Add request-side override coverage — assert a configured origin_host_header_override reaches the outbound request's Host header via StubHttpClient. (crates/trusted-server-core/src/publisher.rs — suggested test inline)

👍 praise

• SVG bypass checks both incoming and rewritten paths with a targeted regression test. (crates/trusted-server-core/src/proxy.rs)
• Backend name encodes the override (_oh_ suffix) so different overrides don't collide or get poisoned by first-registration-wins, and the value is validated against control characters. (crates/trusted-server-core/src/backend.rs)

⛏ nitpick

• History includes "Load Prebid split bundle synchronously" and its immediate revert (net-zero in the diff) — consider squashing on merge.

CI Status

• fmt: PASS
• clippy: PASS
• rust tests: PASS
• js tests: PASS
• integration / browser tests: PASS

[aram356]

👍 Looks good