Add support for per-request HTTPS traffic Proxying #23
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pspieker-stripe
force-pushed
the
pspieker-add-per-request-https-proxy-support
branch
from
bb58097
to
229d23d
Compare
pspieker-stripe
force-pushed
the
pspieker-add-per-request-https-proxy-support
branch
from
229d23d
to
82957d4
Compare
WIP on tests linting etc. Hacky solution to golang bug
pspieker-stripe
force-pushed
the
pspieker-add-per-request-https-proxy-support
branch
from
82957d4
to
def7612
Compare
cds2-stripe
previously requested changes
Nov 29, 2023
https.go
Outdated
|
|
||
| httpsProxy, err := httpsProxyAddr(r.URL, proxy.HttpsProxyAddr) | ||
| var httpsProxyURL string | ||
| if r.Header[PerRequestHTTPSProxyHeaderKey] != nil && r.Header[PerRequestHTTPSProxyHeaderKey][0] != "" { |
There was a problem hiding this comment.
Could we change this to something like:
httpsProxyURL := proxy.HttpsProxyAddr
if r.Header.Get(PerRequestHTTPSProxyHeaderKey) != "" {
httpsProxyURL = r.Header.Get(PerRequestHTTPSProxyHeaderKey)
}
There was a problem hiding this comment.
Ack fixed!
We should also clear this header.
Not sure what this means?
pspieker-stripe
dismissed
cds2-stripe’s stale review
Re-requested review after changes
cds2-stripe
requested changes
Dec 6, 2023
https.go
Outdated
| @@ -587,6 +593,10 @@ func httpsProxyAddr(reqURL *url.URL, httpsProxy string) (string, error) { | |||
| reqSchemeURL.Scheme = "https" | |||
|
|
|||
| proxyURL, err := cfg.ProxyFunc()(reqSchemeURL) | |||
| if err != nil { | |||
https.go
Outdated
| HTTPMitmConnect = &ConnectAction{Action: ConnectHTTPMitm, TLSConfig: TLSConfigFromCA(&GoproxyCa)} | ||
| RejectConnect = &ConnectAction{Action: ConnectReject, TLSConfig: TLSConfigFromCA(&GoproxyCa)} | ||
| httpsRegexp = regexp.MustCompile(`^https:\/\/`) | ||
| PerRequestHTTPSProxyHeaderKey = "X-Https-Proxy" |
There was a problem hiding this comment.
This is a small nit, but I think we should be more explicit. Can we change this to X-Upstream-Https-Proxy?
proxy_test.go
Outdated
| } | ||
| client := &http.Client{Transport: tr} | ||
|
|
||
| // r := string(getOrFail(finalDestinationUrl, client, t)) |
proxy_test.go
Outdated
| } | ||
|
|
||
| // Ensuring the external proxy was routed through | ||
| if resBody[len(resBody)-14:] != "-externalproxy" { |
There was a problem hiding this comment.
I'd probably prefer something less brittle like another strings.Contains
| @@ -733,6 +733,91 @@ func TestHttpProxyAddrsFromEnv(t *testing.T) { | |||
| os.Unsetenv("https_proxy") | |||
| } | |||
|
|
|||
| func TestOverrideHttpsProxyAddrsFromEnvWithRequest(t *testing.T) { | |||
There was a problem hiding this comment.
This is a great test! Thanks for getting this working.
cds2-stripe
approved these changes
Dec 6, 2023
pspieker-stripe
deleted the
pspieker-add-per-request-https-proxy-support
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a new supported header to
goproxy-X-Https-Proxy, which is parsed by goproxy and passed as the Proxy Connect Header to a request that's already being proxied.This allows support for goproxy to allow per request proxying, so long as the given request passes the
X-Https-Proxyheader. Previous, there was only support for env variable-level proxying, so all requests from a goproxy instance would have their proxy decisions made based on the given env vars.Tests
Test with:
Debug with setting some
runtime.Breakpoint()calls, then:and then: