bower / bower

A package manager for the web
bower.io
MIT License

Bower behind NTLM corporate proxy #2540

Closed gaborDubniczki closed 4 years ago

gaborDubniczki commented 4 years ago

OS: Windows 7 Enterprise Service Pack 1

git version 2.22.0.windows.1
node: v10.16.0
npm: 6.9.0
bower: 1.8.8, then later bower-canary: 1.3.0

I'm working behind an NTLM corporate proxy. I installed and successfully set up cntlm. I'm able to install and update packages with npm. I haven't been able to make git work with the cntlm proxy, but rather upgraded it to the latest version, which is able to handle NTLM authentication on its own and works fine with the actual proxy address and credentials configured. Bower, however, can't get through the proxy.

First of all I tried to make it work with cntlm. I've set the cntlm proxy address; this was my .bowerrc file in the "C:\Users\myuser" root folder. I have no other .bowerrc files on the computer to avoid confusion. The bower version at this time was 1.8.8.

{ "strict-ssl": false, "registry": "https://registry.bower.io", "proxy":"http://localhost:3128", "http-proxy":"http://localhost:3128", "https-proxy":"http://localhost:3128" }

$ bower search jquery returns ECONNRESET, retrying over and over and over again until it finally stops.

I have tried the above with various Windows environment variables:

a) variables 'proxy', 'http_proxy' and 'https_proxy' set as cntlm proxy
b) variables 'proxy', 'http_proxy' and 'https_proxy' set as corporate proxy but without credentials
c) variables 'proxy', 'http_proxy' and 'https_proxy' set as corporate proxy with credentials
d) variables 'proxy', 'http_proxy' and 'https_proxy' deleted

All of the above with variables in capital letters, i.e. 'PROXY', 'HTTP_PROXY'.

Then tried bower 1.8.8, that maybe it could handle NTLM authentication negotiation like git does. .bowerrc in "C:\Users\myuser":

{ "strict-ssl": false, "registry": "https://registry.bower.io", "proxy":"http://corporateProxyhost:port", "http-proxy":"http://corporateProxyhost:port", "https-proxy":"http://corporateProxyhost:port" }

This returned EINVRES 407 authentication error, so I tried the above with the following formats:

a) "http://:@corporateProxyhost:port" - same as you would in git, hoping it will take the default Windows credentials. Result: EINVRES 407 authentication error
b) "http://uname:pass@corporateProxyhost:port" Result: EINVRES 407 authentication error
c) "http://domain%5Cuname:pass@corporateProxyhost:port" Result: EINVRES 407 authentication error
d) "http://domain/uname:pass@corporateProxyhost:port" Result: ECONNREFUSED
e) "http://domain\\uname:pass@corporateProxyhost:port" Result: ECONNREFUSED
f) "http://domain\uname:pass@corporateProxyhost:port" Result: ECONNREFUSED

Then I read a suggestion to use bower-canary here: https://stackoverflow.com/questions/24432827/bower-behind-proxy-summary , as for some people that solved the same NTLM authentication problem. So that's where I changed to bower-canary 1.3.0.

Windows env variables were (the cntlm proxy address and port):
http_proxy = http://localhost:3128
https_proxy = http://localhost:3128

{ "strict-ssl": false, "registry": "http://registry.bower.io", "proxy":"", "http-proxy":"", "https-proxy":"" }

Result: bower search jquery returns ETIMEDOUT retrying

Windows env variables:
http_proxy = http://:@corporateProxyHost:Port
https_proxy = http://:@corporateProxyHost:Port

{ "strict-ssl": false, "registry": "http://registry.bower.io", "proxy":"", "http-proxy":"", "https-proxy":"" }

Result: bower search jquery returns ETIMEDOUT retrying

Then I tried the above with Windows env variables in the following configurations:

b) "http://uname:pass@corporateProxyhost:port" Result: ECONNRESET
c) "http://domain%5Cuname:pass@corporateProxyhost:port" Result: ECONNRESET
d) "http://domain/uname:pass@corporateProxyhost:port" Result: unescaped characters in request
e) "http://domain\\uname:pass@corporateProxyhost:port" Result: unescaped characters in request
f) "http://domain\uname:pass@corporateProxyhost:port" Result: unescaped characters in request

Then I changed the .bowerrc registry variable to https. Most references will state it as http:// but then when I opened it in my browser I saw it being https. Result was ETIMEDOUT.

Then changed to Windows environment variables being the cntlm proxy:
http_proxy = http://localhost:3128
https_proxy = http://localhost:3128

and .bowerrc:

{ "strict-ssl": false, "registry": "https://bower.io", "proxy":"", "http-proxy":"", "https-proxy":"" }

Result: bower search jquery returns ETIMEDOUT

THEN Windows env variables:
http_proxy = http://localhost:3128
https_proxy = http://localhost:3128

.bowerrc:

{ "strict-ssl": false, "registry": "https://bower.io", "proxy":"http://localhost:3128", "http_proxy":"http://localhost:3128", "https_proxy":"http://localhost:3128" }

Result: bower search jquery returns unescaped characters

Then changed .bowerrc to https_proxy from https-proxy and http_proxy from http-proxy, suspecting that '-' is the unescaped character:

{ "strict-ssl": false, "registry": "https://bower.io", "proxy":"http://localhost:3128", "http_proxy":"http://localhost:3128", "https_proxy":"http://localhost:3128" }

Result: bower search jquery returns unescaped characters error

I've seen another person post this problem and I seem to remember they have solved it by using cntlm to negotiate with the ntlm proxy and fiddler to mediate with cntlm. This seems a very convoluted solution. It's detailed here: https://github.com/bower/bower/issues/1368 That's the only way I can think of trying yet. So far I tried and documented 26 different configurations without a satisfactory result. Want to make it clear again, that both NPM and GIT work fine and negotiate their way through the NTLM proxy. Please help!
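Added example (not part of the original post and not bower's code): how Node's built-in WHATWG `URL` parser reads the credential formats a) to f) listed above, plus a helper that percent-encodes `DOMAIN\user` credentials and one that redacts the password before a URL is logged or pasted into a report. The host, port, domain, user and password are constructed values, the function names are hypothetical, and the parser bower itself uses is not assumed to be this one.

```javascript
// Added example. Host, port, domain, user and password are constructed values.
const HOST = 'proxy.example.internal';
const PORT = 8080;

// Build a proxy URL with DOMAIN\user credentials percent-encoded, so that
// '\', '@', ':' and '/' inside the credentials cannot change the URL structure.
function buildProxyUrl(domain, user, password, host = HOST, port = PORT) {
  const login = domain ? `${domain}\\${user}` : user;
  return `http://${encodeURIComponent(login)}:${encodeURIComponent(password)}@${host}:${port}`;
}

// Report which host a client would connect to and which credentials it would
// send, according to the WHATWG URL parser built into Node.
function inspectProxyUrl(proxyUrl) {
  const u = new URL(proxyUrl);
  return {
    hostname: u.hostname,
    port: u.port,
    username: decodeURIComponent(u.username),
    hasPassword: u.password !== '',
    pathname: u.pathname,
  };
}

// Copy of the URL that is safe to write to logs or paste into a bug report.
function redactProxyUrl(proxyUrl) {
  const u = new URL(proxyUrl);
  if (u.password) u.password = 'REDACTED';
  return u.href;
}

// The credential shapes from the list, with the constructed values filled in.
const variants = {
  'a) empty credentials': `http://:@${HOST}:${PORT}`,
  'b) user:pass': `http://jdoe:pw@${HOST}:${PORT}`,
  'c) domain%5Cuser': `http://CORP%5Cjdoe:pw@${HOST}:${PORT}`,
  'd) domain/user': `http://CORP/jdoe:pw@${HOST}:${PORT}`,
  'e) domain\\\\user': `http://CORP\\\\jdoe:pw@${HOST}:${PORT}`,
  'f) domain\\user': `http://CORP\\jdoe:pw@${HOST}:${PORT}`,
};

for (const [label, url] of Object.entries(variants)) {
  const r = inspectProxyUrl(url);
  console.log(label.padEnd(22), '-> host', r.hostname, 'user', JSON.stringify(r.username));
}
console.log(redactProxyUrl(buildProxyUrl('CORP', 'jdoe', 'p@ss:w/rd')));
```

Under this parser, variants d) to f) resolve to host `corp` with no credentials, because `/` and `\` end the authority part of an `http` URL; only the `%5C` form keeps the proxy host and the `CORP\jdoe` login intact.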

gaborDubniczki commented 4 years ago

Perhaps it's interesting to note:

Ad I. Tried to send a Postman GET request to http://registry.npmjs.org/bower setting the proxy as local cntlm proxy address and port.
Result: It returned the json file perfectly fine.
Then I tried to reach, with the same cntlm proxy settings via Postman GET request, the bower registry: https://registry.bower.io also https://registry.bower.io/packages/search/jquery (both of these addresses are opened in IE and Chrome flawlessly).
Result: Postman cannot get a response, not 407 or Timeout, just no response

Ad II. Tried a Postman GET request to http://registry.npmjs.org/bower with NTLM authentication, which is a beta feature, setting credentials.
Result: It returned the json file perfectly fine again.
Tried https://registry.bower.io and https://registry.bower.io/packages/search/jquery with same NTLM authentication, same credentials.
Result: Postman cannot get a response
Please note: https://registry.bower.io/packages/search/jquery can be opened both in IE and Chrome without issues

Ad III. Tried a Postman GET request to http://registry.bower.io (difference is http instead of https), authentication: Postman NTLM authentication (beta).
Result: Proxy 407 Error

gaborDubniczki commented 4 years ago

Update again! I've noticed that sending a postman get request to localhost:3128 (cntlm proxy host and port) is somehow still captured by the corporate proxy and access is denied to it!!! I've seen this: https://github.com/postmanlabs/postman-app-support/issues/3942 Now I've deleted the environment settings from windows, restarted Postman and it somehow still sends the request to the proxy first. Despite the fact I've cleared any proxy settings both from Postman and the windows environment variables!

gaborDubniczki commented 4 years ago

FYI if you're struggling with this issue. My problems were solved by downloading and installing https://github.com/genotrance/px. Could not make it work with python 2.7 because of some dependencies... Had to download 3.7 and set it up with that, but it works perfectly with npm, yarn, bower etc..