search

actions / http-client

A lightweight HTTP client optimized for use with actions, TypeScript with generics and async await.
https://github.com/features/actions
Other
72 stars 33 forks source link

Proxy authentication should not be configured if no proxy username/password is provided #39

Closed fgalind1 closed 3 years ago

fgalind1 commented 3 years ago

Looks like http-client is passing an invalid proxy authentication header if no proxy authentication was provided at all here https://github.com/actions/http-client/blob/edadda14b09058389cd47f9790e19b97883624c1/index.ts#L641-L649

If a proxy server doesn't require authentication (which is an example of our company proxies), we're sending proxyAuth: ':' which ends up on being a real authentication header passed to the client and tells proxy to try validate credentials, which they will be incorrect.

Otherwise the underlaying http library for creating the tunnel will set that proxy header if proxyAuth contains a value https://github.com/request/tunnel-agent/blob/master/index.js#L128-L132

Proxy Auth should not be set if username/password is not provided

bryanmacfarlane commented 3 years ago

taking a look. thanks for the PR