Open riskersen opened 2 months ago
I've created a tcpdump and noticed, that calls done by bruno are missing CONNECT calls:
dummy curl from windows:
vs bruno:
So it seems, that bruno is not aware, that I'm using a proxy. The proxy variables are set by env vars and not within brunos config:
C:\Users\me>set
Thanks for reporting this @riskersen We are in the final stages of getting a PR merged that will solve the issue around skipping the CONNECT call
We expect a fix to be released early next week. cc @lohxt1 @byjrack
And @riskersen likely it's all the same bug in Axios mentioned in #1372. For https_proxy env Axios assumes that the scheme will be https and thus sends a TLS handshake before it would try and CONNECT. Many proxies will just be listening on HTTP for efficiency so you get a variety of error conditions based on the proxy provider when the client sends the TLS handshake. Been a long standing bug in Axios, but the Bruno crew are just going to be a bit more explicit as you can see in #2724 to avoid triggering the bad logic in Axios.
I have checked the following:
Describe the bug
I'm trying to get access tokens from Entra, but it always fails with a 500 coming from our proxy server. As I checked the proxy logs, it was clear, that bruno does not setup TLS and is trying to send plaintext to a https endpoint. The Proxy is set as ENV Variable on system level and bruno is a portable version on Windows 10.
Unfortunately, the network log stays empty in developer tools, so I cannot provide more details except of the proxy error message
The issue appears when using built-in auth mechanism, script pane and also for direct API calls.
.bru file to reproduce the bug
No response
Screenshots/Live demo link
Handshake failedThe SSL handshake could not be performed.Host: login.microsoftonline.comReason: Can't initialize server context:handshakefailed:server state 1:state 9:Application response 500 handshakefailedCompany Acceptable Use PolicyThis is an optional acceptable use disclaimer that appears on every page. You may change the wording or remove this section entirely in index.html.For assistance, please contact your system administrator.generated 2024-08-21 17:02:50 by McAfee Web Gatewayaxios/1.7.2 | | Handshake failed | The SSL handshake could not be performed. | Host: login.microsoftonline.comReason: Can't initialize server context:handshakefailed:server state 1:state 9:Application response 500 handshakefailed | Company Acceptable Use Policy | This is an optional acceptable use disclaimer that appears on every page. You may change the wording or remove this section entirely in index.html. | For assistance, please contact your system administrator. | generated 2024-08-21 17:02:50 by McAfee Web Gatewayaxios/1.7.2