If a proxy server doesn't require authentication (which is an example of our company proxies), we're sending proxyAuth: ':' which ends up on being a real authentication header passed to the client and tells proxy to try validate credentials, which they will be incorrect.
Looks like http-client is passing an invalid proxy authentication header if no proxy authentication was provided at all here https://github.com/actions/http-client/blob/edadda14b09058389cd47f9790e19b97883624c1/index.ts#L641-L649
If a proxy server doesn't require authentication (which is an example of our company proxies), we're sending
proxyAuth: ':'
which ends up on being a real authentication header passed to the client and tells proxy to try validate credentials, which they will be incorrect.Otherwise the underlaying http library for creating the tunnel will set that proxy header if proxyAuth contains a value https://github.com/request/tunnel-agent/blob/master/index.js#L128-L132
Proxy Auth should not be set if username/password is not provided