New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable automatic proxy detection from environment variables #672
Comments
Hey, It would be really great if this can be released rather quick or by adding the new axios@0.19.0-beta.1 which adds Do you by chance know a quick workaround for this issue? |
@Shegox unfortunately, i don't have a quick workaround right now. even if we depend on the beta release of axios and utilize the is it possible to modify the parts of your application that use the environment variables to configure the proxy to instead use explicit configuration? i feel that we should address this issue with the next major version of the package, but i'm not sure when the axios 0.19.0 release will stable. we are hoping to ship our next major version before the end of February. |
Hey @aoberoi, From my perspective it would be good to ignore the env variables from axios (if no stable release is released) and let the slack client set the proxy, if desired. |
My two cents: keep this not only enabled, but ensure it keeps working (i.e. through a test). More than anything, I see the problem not as an undocumented feature, but rather as an undocumented feature. How to combat it? Document it! ### Custom agent for proxy support
...
+ > 🕵️♀️ If no agent is provided, a proxy may be established using the
+ > `http_proxy` and `https_proxy` environment variables. Supply `agent: false`
+ > to disable this behavior.
+ > ..... Add in a reference to GNU's specification (maybe a bit too terse to use as reference in docs) or axios' specification (i.e. the comments in this issue's initial post), and it's documented. I can see the visibility of a note like this being up for debate, but I still feel like documentation is the key issue here. My justification lies in two observations: First ☝️, these variables are opt-in. Setting these environment variables is akin to enabling a linter rule: you get what you ask for (at least, that's the hope when setting it).
This feels like a direct consequence of the lack of documentation (not the feature itself!). I can see why someone might be curious as to whether Second ✌️, it'd be odd to have to opt in to "automatic" detection (e.g. via Special case: I feel like the real case that's being discussed here has to do with It more logically follows that a developer might not expect the I feel like the current behavior is correct: the internal call to the Web API should continue to detect the proxy from the environment, as that is what the variable is meant to control (re: opt-in). As it is now, Again, one more time: I feel like the real issue resolves to awareness on this one. I'm curious as to thoughts on how visibility in the docs could affect this issue. Observation: this issue's title (and, inherently, topic) is vulnerable to self-selection bias 📉.
I would expect this issue to only be seen/responded to mostly by people who have had issues with automatic proxy detection, and thus favor "disabl[ing] automatic proxy detection in axios". Those who are dependent the detection on are unlikely to go out of their way to survey this repo's issues, thus unlikely to find issues like this one. Sounds like an echo chamber 😅. The body of this issue does a very good job at being impartial and objective, but I feel like the nature of this discussion alone is bound to end up biased in its responses. |
@clavin general I'm 100% on your side. It would be inline with everything if the proxy is detected correctly. However with the current implementation it is lacking two major things. I think support for the Also in the current implementation (4.8.0) Please correct me, if I'm wrong, but with the current package it is not possible to disable the proxy when you set the If there is an way to disable it and it is documented, I would find it okay behavior. |
Ah, you'd be correct! It's the axios option I feel like it'd be justified for As for current workarounds, there's nothing I know of that you can do with |
Thanks for your detailed thoughts @clavin and @Shegox! My perspective is that Today, our declared interface states that we do not handle proxies (out of scope) and that in order to configure one, you should add a dependency to your own app and then leverage the The question remains, what will tomorrow's interface become? Here's what I see as the options:
I don't see others that look favorable, but I'm willing to hear more ideas. Now we've got to weigh the pros and cons of these options. Pro Option 1: The smaller we keep the scope, the less vulnerable this package is to risks of breaking API contracts. For example, in v4.5.0 we were able to swap out Pro Option 2: Proxying is (by anecdotal accounts) a popular need, especially for developers who deploy inside corporate controlled environments - lots of Slack developers. Taking away the extra dependency and step they need to make it work is nice. Con Option 2: Providing proxy support may add complexity to eventually targeting the browser or Electron platform (possible future goal). Even if we decided that it was only supported in a subset of environments, communicating this and documenting it is not free - and some users will still always have questions. Pro Option 2: When the SDK is embedded inside a framework (instead of being directly depended on by the app developer), then the app developer could retain the ability to set the proxy using environment variables, whether the framework (intermediary) was aware of the options or not. I'm leaning more towards Option 2 now, but would like to hear more thoughts. |
By the way, we're preparing for a new major version release soon. So if we wanted to drop the |
As I started working on this change, I learned about a few more pros and cons. Pro Option 1: The Con Option 2: In order to support the There's also one more option:
With these new data points, I'm starting to lean towards leaving the functionality as is (not deprecating Any thoughts? |
@aoberoi Thanks for breaking down the issue and the available options so well. From everything that's mentioned and what I've recently experienced troubleshooting proxies in the Python Slack SDK I'd recommend first fixing the bug by implementing option 1 above. In another PR I'd explore and test how well it would work if you made proxy configs a first class feature like you mentioned. One concern I'd have with making proxy configs work is the number of existing |
Thanks for the input. I'm reclassifying this issue as a There's nothing stopping us from introducing |
@aoberoi any idea when y’all might ship? We have an issue against our project to implement a workaround, but I’d rather fix it with an update if possible! Thanks! |
@SpencerKaiser we should have a fix released before the end of the week, and possibly as soon as tomorrow. |
Fantastic, thanks @aoberoi! |
@aoberoi which version will this fix be released in? |
@SpencerKaiser the next one 😉. Haha, if all goes well, it should be shipping before the end of the day. |
Description
There is currently an undocumented behavior in this package, inherited from a dependency on
axios
, such that setting the environment variables can change the proxy configuration. Here is a description of this feature:Since this is undocumented, a user who doesn't expect these variables to interfere with the operation of this package could end up in a broken situation with no idea of how this occurred. An example of this is #642.
It has been suggested that we use the axios option (
proxy: false
) to disable this behavior when no proxy configuration is provided. This has an advantage that users are less likely to end up in a situation where an unexpected problem occurs. But it also takes away some utility, since thehttp_proxy
andhttps_proxy
environment variables are seen as a common way to configure all HTTP clients in an entire process (config all dependencies that make HTTP requests at the same time). In fact, some might already be depending on the behavior, so taking it away might have to be delayed into asemver:major
enhancement.I'd like to hear others' opinions on what could and should be done.
Requirements (place an
x
in each of the[ ]
)The text was updated successfully, but these errors were encountered: