1319641 - Consider supporting user authentication in FindProxyForURL

Status: RESOLVED DUPLICATE of bug 1359543

(WebExtensions :: Request Handling, defect)

Description

[Matthew Wein [:mattw]]

This bug is meant to track discussing and potentially implementing programmatic username/password authentication as an additional return type to FindProxyForURL.  

The format for the return type would be:
 - ["PROXY"|"HTTP"|"HTTPS"|"SOCKS5"] username@password:server:port 

One topic I think we still need to flesh out is whether or not this feature will have any security implications. For example, would it open any security holes by allowing others to view the username and password to access the proxy? If so, is there anything we can do about this?

For more information, see the proxy API design document: https://docs.google.com/document/d/1W45o5X2bFRPrTaQDFp9IzTJ8njCVfEgyENS7i2owaUI/edit?usp=sharing

Comment 1

[Eric Jung [:ericjung]]

(In reply to Matthew Wein [:K-9, :mattw] from comment #0)
> This bug is meant to track discussing and potentially implementing
> programmatic username/password authentication as an additional return type
> to FindProxyForURL.  
> 
> The format for the return type would be:
>  - ["PROXY"|"HTTP"|"HTTPS"|"SOCKS5"] username@password:server:port 
> 

Please note that I intended the "HTTP" return type to be a synonym for the antiquated "PROXY" return type. "PROXY" return type was defined before HTTPS proxies were created.

Comment 2

[Eric Jung [:ericjung]]

How is this fixed/resolved? Is it already supported by the implementation in bug #1295807?

Comment 3

[Matthew Wein [:mattw]]

Please see https://bugzilla.mozilla.org/show_bug.cgi?id=1319630#c2.