Skip to content

Loading…

Support a proxy mode for outbound HTTP and HTTPS traffic #83

Closed
ozten opened this Issue · 5 comments

2 participants

@ozten

Please consider adding support for a HTTP proxy everywhere node-openid uses the http or https node module.

Suggested API:
node-openid would look for an environment variable HTTP_PROXY and if present, respect it.

Example:

export HTTP_PROXY=http://localhost:8080
node bin/server

Use Cases:
1) Security and Performance
When we deploy services, we put them behind squid or another proxy layer. This allows us to deny outbound http requests to unknown urls. It allows us to locally cache OpenID responses (for the calls that are cachable).

2) Load Testing
We're looking at also using this setting for load testing, so we don't hit 3rd party OpenID endpoints.

@ozten ozten added a commit to ozten/node-openid that referenced this issue
@ozten ozten Add support for HTTP_PROXY environment variable. Proposed fix for Issue
#83

Conflicts:

	openid.js
c0ca09f
@havard
Owner

I have been gathering opinions on the matter through the nodejs mailing list and discussions with various developers. The environment variable proposal seems to be a good solution.

One suggestion though: How about splitting HTTP_PROXY into HTTP_PROXY_HOST and HTTP_PROXY_PORT (and add HTTPS_ variants)? This will align the settings with other existing solutions (notably Java).

@ozten

Thanks for looking into this and coordinating with the broader community.

It would be good to use the same solution across this and node-oauth.
ciaranj/node-oauth#102

I'm fine with These env variables. I'll update my fork once I'm back from traveling.

I've also found separating HTTP and HTTPS settings useful.

@havard
Owner

Merged and fixed in ead2635

@havard havard closed this
@ozten

This is great, thanks again! Any timelines for a 0.4.3 release?

@havard
Owner

I am gonna let it sit for a few days and see if anyone reports problems, then make a release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.