-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Standardize behaviour of no_proxy environmental variable #1223
Merged
Merged
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit
Hold shift + click to select a range
da7e8df
match no_proxy to subdomains
felixlut 586ad49
strip leading dot + '*' match all + testcases
felixlut 0e925a6
Update proxy.test.ts
felixlut 2ceb28b
Revert "Update proxy.test.ts"
felixlut b91602c
remove support for leading dots and wildcard no_proxy
felixlut 2a10602
change order of tests for logic consistency
felixlut f9f138e
add test for working leading dot
felixlut bad8f88
add check for partial domain, as opposed to subdomain
felixlut File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be safer to use
endsWith
instead ofincludes
to avoid bad actors from bypassing the proxy. For example if we setno_proxy=mycompany.com
then a domain likemycompany.com.evil.org
should not bypass the proxy.The above would still let domains like
evilmycompany.com
bypass the proxy. Perhaps a better formulation would beIn addition we might want to strip off a leading
.
to ensure thatno_proxy=example.com
andno_proxy=.example.com
are treated the same.I think the following should work:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 for @aibaars suggestions too, ensWith + '.' sounds good
NIT: I'd consider a small refactoring of the block from line 54, it's becoming a bit dense with filters
@felixlut Could you add a test-case that covers the change in https://github.com/actions/toolkit/blob/main/packages/http-client/__tests__/proxy.test.ts ?
PS the PR validation currently fails due to some older packages, I'll take a look in a different PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like your suggestions, and sure I can add a test-case. I'll try to find time over the weekend!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've implemented the suggested changes (in addition to some other suggestions from the article I posted above), as well as test-cases for each of them. Namely the following was added:
*
matching all hosts.domain.com
-->domain.com
)