search

chansen / p5-http-tiny

Tiny HTTP Client
https://metacpan.org/dist/HTTP-Tiny
53 stars 52 forks source link

Updated HTTP::Tiny HTTP_PROXY handling to be the same as LWP::UserAgent #128

Closed mrdvt92 closed 3 years ago

mrdvt92 commented 5 years ago

Due to Vulnerability Note VU#797896, the environment variable HTTP_PROXY may be tainted and cannot be use when in a CGI environment.

In LWP::UserAgent the variable HTTP_PROXY is overridden by CGI_HTTP_PROXY.

This is a patch to support the same architecture in HTTP:Tiny. Otherwise there is no easy way to proxy HTTP traffic under CGI differently than HTTPS traffic. The current work around is to set ALL_PROXY but that impacts HTTPS traffic proxy capabilities.

mrdvt92 commented 5 years ago

How do I get movement on this pull request? Do I have to add an issue?

xdg commented 3 years ago

Rebased and merged as 80d6cb8. Thank you for the contribution. Sorry it took so long to respond.