Open flippyhead opened 8 years ago
Here what's happening: HTTP: the client send directly the full request to the proxy, with the proxy-auth headers. The proxy is in charge to forward to server. HTTPS: the client want to send a request to a server, encrypted with the server public key, passing through an http proxy. So
So in order to access the proxy-* headers on HTTPS, you may have to hook into the connect process
proxy.onConnect(function(req, socket, head, callback) {
if (!req.headers['proxy-authorization']) {
socket.write('HTTP/1.1 407 Proxy Authentication Required\r\n');
socket.write('Proxy-Authenticate: Basic realm=\"My realm\"\r\n');
socket.write('Proxy-Connection: keep-alive\r\n');
socket.write('Connection: keep-alive\r\n');
socket.write('\r\n');
return;
}
// validate req.headers['proxy-authorization'] here
// ......
callback();
});
proxy.onRequest(function(ctx, callback) {
if (!ctx.isSSL && !ctx.clientToProxyRequest.headers['proxy-authorization']) {
ctx.proxyToClientResponse.setHeader('Proxy-Authenticate', 'Basic realm=\"My realm\"');
ctx.proxyToClientResponse.statusCode = 407;
ctx.proxyToClientResponse.statusMessage = 'Proxy Authentication Required';
ctx.proxyToClientResponse.end();
return;
}
var authHeader = ctx.clientToProxyRequest.headers['proxy-authorization'] || ctx.connectHeaders['proxy-authorization'];
// validate authHeader here
// ....
callback();
});
proxy.onWebSocketConnection(function(ctx, callback) {
var authHeader = ctx.connectHeaders['proxy-authorization'];
// validate authHeader here
// ....
callback();
});
Hello! I've attempted your suggested approach to implement basic authentication (included below). However I'm seeing that HTTPS requests do not include the same header information that HTTP requests include. For example, this HTTP request includes the expected headers:
The CURL request:
curl http://stackoverflow.com -v -x http://username:password@myproxy.com:8089
The node-http-mite-proxy request headers:
Whereas an HTTPS request, while showing similar header information in the CURL request, does not include the same headers in the proxy:
The CURL request
curl https://github.com -v -x http://username:password@myproxy.com:8089
The headers included in the proxy:
My proxy code:
In short, the proxy authentication works for HTTP requests but doesn't work for HTTPS requests and I'm not sure what accounts for the difference.
Thank you!