Fix proxy headers leak errconnect on strict proxies #792
Open
joelwizard wants to merge 6 commits into actions:main from
Pull request overview
This PR addresses failures with strict corporate proxies by ensuring application-level request headers are not forwarded into proxy agent CONNECT headers, and adds a Jest test suite validating proxy behavior and no-proxy/custom-agent scenarios (Fixes #747).
Changes:
- Stop passing `request.headers` into `HttpProxyAgent`/`HttpsProxyAgent` constructor options in the bundled `proxyPolicy` implementation to prevent header leakage into CONNECT.
- Add `__tests__/proxy-policy.test.ts` covering header leakage prevention, proxy routing, no-proxy bypass, and preserving pre-set custom agents.
Reviewed changes
Copilot reviewed 1 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| dist/upload/index.js | Removes forwarding of application headers into proxy agent options within the bundled proxy policy. |
| dist/merge/index.js | Same proxy header leakage fix applied to the merge bundle. |
| `__tests__/proxy-policy.test.ts` | Adds regression tests for proxy policy behavior (header leakage, proxy/no-proxy, agent selection, custom agent preservation). |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This pull request adds a comprehensive test suite for the `proxyPolicy` to ensure it does not leak application-level headers into proxy connections and correctly handles proxy and no-proxy scenarios. The tests cover both HTTP and HTTPS requests, custom agents, and proxy bypass logic.

Tests for header leakage and proxy behavior:

- `proxyPolicy` does not leak application headers (such as `Content-Type`, `x-ms-version`, etc.) into the CONNECT request when using `HttpsProxyAgent`, addressing issues with strict corporate proxies.
- `HttpsProxyAgent` and `HttpProxyAgent` are used appropriately for HTTPS and HTTP requests, respectively, and that the correct proxy URL is set.
- `no_proxy` list are correctly bypassed and do not use a proxy agent.

Fixes #747
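
A regression check for the header leakage this PR describes, as an added example that is not code from the PR or the repository: it parses a CONNECT request as captured at a test proxy and reports any header that does not belong on the tunnel request. The allowlist, function names, hostnames and sample requests are assumptions constructed for illustration.

```javascript
// Added example: audit a CONNECT request the way a strict proxy (or a test proxy) sees it.
// Assumption: this allowlist; adjust it to what your proxy actually accepts.
const CONNECT_ALLOWED = new Set(["host", "proxy-authorization", "proxy-connection", "user-agent"]);

// Parse the raw CONNECT preamble into { target, headers }; throws on anything that is not CONNECT.
function parseConnect(raw) {
  const head = raw.split("\r\n\r\n", 1)[0];
  const [requestLine, ...lines] = head.split("\r\n");
  const m = /^CONNECT (\S+) HTTP\/1\.[01]$/.exec(requestLine);
  if (!m) throw new Error("not a CONNECT request: " + requestLine);
  const headers = [];
  for (const line of lines) {
    const idx = line.indexOf(":");
    if (idx <= 0) throw new Error("malformed header line: " + line);
    headers.push([line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim()]);
  }
  return { target: m[1], headers };
}

// Return the sorted, de-duplicated header names that should not appear on a CONNECT request.
function leakedConnectHeaders(raw, allowed = CONNECT_ALLOWED) {
  const names = parseConnect(raw).headers.map(([name]) => name);
  return [...new Set(names.filter((n) => !allowed.has(n)))].sort();
}

// Constructed sample: application headers copied into the CONNECT request (behaviour before the fix).
const BEFORE_FIX = [
  "CONNECT storage.example.invalid:443 HTTP/1.1",
  "Host: storage.example.invalid:443",
  "Content-Type: application/octet-stream",
  "x-ms-version: 0000-00-00", // placeholder value
  "Proxy-Connection: close",
  "", "",
].join("\r\n");

// Constructed sample: only tunnel-level headers reach the proxy (behaviour after the fix).
const AFTER_FIX = [
  "CONNECT storage.example.invalid:443 HTTP/1.1",
  "Host: storage.example.invalid:443",
  "Proxy-Connection: close",
  "", "",
].join("\r\n");

console.log("before:", leakedConnectHeaders(BEFORE_FIX));
console.log("after: ", leakedConnectHeaders(AFTER_FIX));
```

In a test suite, the raw request would come from a local proxy that records what it receives on its `connect` event rather than from constants.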