barnacs / compy

HTTP/HTTPS compression proxy
ISC License

Fix RFC 7235 violation #45

Closed ggramaize closed 5 years ago

ggramaize commented 5 years ago

Hi,

When an unauthorized/unauthenticated user attempts to send a request on a compy instance requiring authentication, compy sends back the WWW-Authenticate header field, instead of the expected Proxy-Authentication header field in the HTTP 407 Proxy Authentication Required reply.

This behaviour violates RFC 7235, which states in section 3.2:

The proxy MUST send a Proxy-Authenticate header field (Section 4.3) containing a challenge applicable to that proxy for the target resource.

This is a high priority fix IMHO: a standards-compliant browser doesn't send back the authentication prompt, and lands on a blank page with the offending version.

Kind regards

gaul commented 5 years ago

@ggramaize Thank you for your contribution! Did you experience problems with a specific browser?

gaul commented 5 years ago

Fixed Travis failure in 807a3c31c07eaa2e16dd77ec071dd98e14a88fc7.

ggramaize commented 5 years ago

@gaul With Firefox 63 (Nightly), when I set the proxy, the browser returned a blank page without asking for a proxy password. Correcting this solved the issue. I've also had issues while using curl, wget, and lynx.

Moreover, I've had issues with authentication on HTTPS websites, because when proxying a connection, the proxy shall authenticate the CONNECT, but not the inner HTTP session (which is theoretically not MITMed, thus untouched ;) ).

To solve this, in proxy/proxy.go, after checking that p.user isn't unset (on line 114), I also checked that the request TLS context equals nil to trigger the authentication test. That solution is, however, flawed, because I expect it would bypass authentication if you set TLS on the client side (with -cert and -key options), but I've not tested that hypothesis right now.
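The challenge the issue and the CONNECT discussion describe, as an added Go example that is not compy's own code: a wrapper that answers unauthenticated requests with 407 plus Proxy-Authenticate rather than 401 plus WWW-Authenticate, applied to every request the proxy itself receives (CONNECT included). The credentials, realm and the Challenge helper are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"encoding/base64"
	"net/http"
	"net/http/httptest"
	"strings"
)

const proxyUser, proxyPass, realm = "alice", "s3cret", "compy" // constructed values

// authorized reports whether Proxy-Authorization carries the expected Basic credentials.
func authorized(r *http.Request) bool {
	const prefix = "Basic "
	v := r.Header.Get("Proxy-Authorization")
	if !strings.HasPrefix(v, prefix) {
		return false
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(v[len(prefix):]))
	if err != nil {
		return false
	}
	// Constant-time compare so a wrong user and a wrong password cost the same.
	return subtle.ConstantTimeCompare(raw, []byte(proxyUser+":"+proxyPass)) == 1
}

// RequireProxyAuth wraps a proxy handler. Missing or wrong credentials get a 407
// carrying Proxy-Authenticate (RFC 7235 section 3.2), not a 401 with WWW-Authenticate.
// Bytes inside an established CONNECT tunnel never reach this handler, so only the
// CONNECT request itself is challenged, not the inner HTTP session.
func RequireProxyAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !authorized(r) {
			w.Header().Set("Proxy-Authenticate", `Basic realm="`+realm+`"`)
			http.Error(w, "Proxy Authentication Required", http.StatusProxyAuthRequired)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Challenge drives the wrapper with an in-memory request; returns status and Proxy-Authenticate.
func Challenge(method, target, authz string) (int, string) {
	req := httptest.NewRequest(method, target, nil)
	if authz != "" {
		req.Header.Set("Proxy-Authorization", authz)
	}
	rec := httptest.NewRecorder()
	RequireProxyAuth(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Proxy-Authenticate")
}
```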