Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Supply credentials for proxy authorization in MV3 #264

Open
erba2061 opened this issue Aug 24, 2022 · 3 comments
Open

Supply credentials for proxy authorization in MV3 #264

erba2061 opened this issue Aug 24, 2022 · 3 comments
Labels
enhancement Enhancement or change to an existing feature neutral: safari Not opposed or supportive from Safari topic: dnr Related to declarativeNetRequest

Comments

@erba2061
Copy link

Issue https://bugs.chromium.org/p/chromium/issues/detail?id=1135492

Suggestions

Background

Blocking webRequest API will not be supported in favour of DNR API. Adding blocking webRequest.onAuthRequired listener is the only way to supply credentials for proxy servers in Chromium browsers.

Note that browser sign-in dialog box (asks user to enter proxy credentials) is not sufficient:

  • User does not know which credentials he/she should enter. Proxy server authorization credentials are usually different from account credentials used to login to use extension features
  • Proxy returns 407 (Proxy Authentication Required) more than once during browsing time, causing dialogs to popup at random times

Impact

Privacy extensions won't be able to provide proxy services to users without consistent authorization solution in MV3.
@olso
Copy link

olso commented Aug 25, 2022

Have the same issue

@xeenon xeenon added enhancement Enhancement or change to an existing feature topic: dnr Related to declarativeNetRequest labels Aug 31, 2022
@Rob--W Rob--W mentioned this issue Sep 1, 2022
Merged
@erosman
Copy link

erosman commented Sep 26, 2022

There could be an alternative approach to proxy authentication in MV3 without webRequest.onAuthRequired, by using DNR.

Currently DNR can not be applied to proxy. If it would be possible to apply to proxy then, a set of rules can be created using declarativeNetRequest.updateDynamicRules to pass authentication to the proxy.

Scenario: Browser -> proxyurl.com -> target.com
It appears that the urlFilter applies to the target.com.

const removeRuleIds = [1];
const addRules = [
  {
    id: 1,
    priority: 1,
    action: {
      type: 'modifyHeaders',
      responseHeaders: [
        {
          header: 'Proxy-Authorization',
          operation: 'set',
          value: 'Basic ' + btoa(username + ':' + password)
        }
      ]
    },
    condition: {urlFilter: '||proxyurl.com'}
  }
];

chrome.declarativeNetRequest.updateDynamicRules({removeRuleIds, addRules});

Also: Issue 1318138: Add headers using declarativeNetRequest only if the request is being proxied

@erosman erosman mentioned this issue Sep 27, 2022
Open
@erosman
Copy link

erosman commented Oct 13, 2022
edited

Chrome seems to have introduced a new permission webRequestAuthProvider

ref:
https://groups.google.com/a/chromium.org/g/extensions-reviews/c/WEtDeiGxbuM
https://bugs.chromium.org/p/chromium/issues/detail?id=1135492

It appears to have been pushed for v108 in Chrome (Stable Release Tue, Nov 29, 2022)

@xeenon xeenon added the neutral: safari Not opposed or supportive from Safari label Oct 14, 2022
@Rob--W Rob--W mentioned this issue Nov 14, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Enhancement or change to an existing feature neutral: safari Not opposed or supportive from Safari topic: dnr Related to declarativeNetRequest
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xeenon @erosman @olso @erba2061