Skip to content

proposal: net/http: Proxy: Support authentication that takes multiple rounds #22288

@gogolok

Description

@gogolok

The Go http client lacks support for proxy authentication that takes multiple rounds, see for example #20053 . This prohibits support for a wider range of proxy authentications, for example NTLM proxy authentication.

Current issues trying to use NTLM proxy authentication:

  • NTLM: proxy answers 407, but Go's http client expects 200
  • NTLM: requires at least 2 rounds, Go's http client supports one round to setup proxy (HTTPS case with CONNECT)

I suggest to make the proxy connection setup customisable.

One could extend the Transport to specify a setup function to configure the proxy connection:

ProxySetup func(ctx ProxySetupContext) error

A context (in this example ProxySetupContext) needs to provide all necessary information to setup a proxy connection, that is:

  • the target scheme, http vs. https
  • the target addr
  • proxy auth information
  • proxy connect header (https case)
  • the TCP connection (net.Conn)

A default proxy setup function would be provided. The default proxy setup function would handle the HTTPS+CONNECT case.

An attempt :

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions