usebruno / bruno

Opensource IDE For Exploring and Testing Api's (lightweight alternative to postman/insomnia)
https://www.usebruno.com/
MIT License
27.7k stars 1.28k forks source link

Bruno does not recognize proxys set by env var and thus skipping CONNECT calls #2877

Open riskersen opened 3 months ago

riskersen commented 3 months ago

I have checked the following:

Describe the bug

I'm trying to get access tokens from Entra, but it always fails with a 500 coming from our proxy server. As I checked the proxy logs, it was clear, that bruno does not setup TLS and is trying to send plaintext to a https endpoint. The Proxy is set as ENV Variable on system level and bruno is a portable version on Windows 10.

Unfortunately, the network log stays empty in developer tools, so I cannot provide more details except of the proxy error message

The issue appears when using built-in auth mechanism, script pane and also for direct API calls.

.bru file to reproduce the bug

No response

Screenshots/Live demo link

Handshake failedThe SSL handshake could not be performed.Host: login.microsoftonline.comReason: Can't initialize server context:handshakefailed:server state 1:state 9:Application response 500 handshakefailedCompany Acceptable Use PolicyThis is an optional acceptable use disclaimer that appears on every page. You may change the wording or remove this section entirely in index.html.For assistance, please contact your system administrator.generated 2024-08-21 17:02:50 by McAfee Web Gatewayaxios/1.7.2 |   | Handshake failed | The SSL handshake could not be performed. | Host: login.microsoftonline.comReason: Can't initialize server context:handshakefailed:server state 1:state 9:Application response 500 handshakefailed | Company Acceptable Use Policy | This is an optional acceptable use disclaimer that appears on every page. You may change the wording or remove this section entirely in index.html. | For assistance, please contact your system administrator. | generated 2024-08-21 17:02:50 by McAfee Web Gatewayaxios/1.7.2

riskersen commented 3 months ago

I've created a tcpdump and noticed, that calls done by bruno are missing CONNECT calls:

dummy curl from windows: image

vs bruno: image

So it seems, that bruno is not aware, that I'm using a proxy. The proxy variables are set by env vars and not within brunos config:

C:\Users\me>set

HTTPS_PROXY=http://proxy.zz:3128 HTTP_PROXY=http://proxy.zz:3128 Next test, setting HTTP_PROXY and HTTPS_PROXY to an empty string (set HTTP_PROXY="") + setting proxy in bruno results in empty calls to the proxy: ![image](https://github.com/user-attachments/assets/77e77b22-b84b-417c-823d-b322891660d6) After unsetting HTTP_PROXY and HTTPS_PROXY in cmd with set HTTP_PROXY= and set HTTPS_PROXY= + starting bruno from this cmd, I'm able to call login.microsoftonline as intended. From my perspective, the proxy support is really improvable, see also #2408 Enterprise level companies usually enforce the usage of proxies, so bruno should respect the environment variables (if set and not empty) and acknowledges them or should ignore them, if a proxy is explicitly configured in Bruno. Unfortunately, my knowledge in node is close to zero :(
helloanoop commented 3 months ago

Thanks for reporting this @riskersen We are in the final stages of getting a PR merged that will solve the issue around skipping the CONNECT call

We expect a fix to be released early next week. cc @lohxt1 @byjrack

byjrack commented 3 months ago

And @riskersen likely it's all the same bug in Axios mentioned in #1372. For https_proxy env Axios assumes that the scheme will be https and thus sends a TLS handshake before it would try and CONNECT. Many proxies will just be listening on HTTP for efficiency so you get a variety of error conditions based on the proxy provider when the client sends the TLS handshake. Been a long standing bug in Axios, but the Bruno crew are just going to be a bit more explicit as you can see in #2724 to avoid triggering the bad logic in Axios.