Closed Bug 1553222 Opened 5 years ago Closed 5 years ago

Make sure a 407 from h2 proxy is passed to the channel consumer and not internally processed

Categories

(Core :: Networking: HTTP, task, P1)

Product:
Core
Component:
Networking: HTTP
Type:
task

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox69 --- affected

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

(Whiteboard: [necko-triaged][secure-proxy-mvp])

we want to send the 407 to the error handler.

Priority: -- → P1
Whiteboard: [necko-triaged]

This may well be a WFM - if the proxy doesn't send back any Proxy-Authenticate response header with the 407, necko won't know how to handle the authentication and just pass to the end consumer.

I will write a test ensuring that (probably the only thing needed for fixing this bug)

Assignee: nobody → honzab.moz

Let's take the test(s) from bug 1546924 and update test_proxy-authorization-via-proxyinfo.js to include:

  • check for P-Aon is as expected
  • return various error 50X codes back to the client and consult the nserror code
  • return 407 w/o P-A8 and check we don't call into the credentials manager
Summary: Disallow authentication processing when 407 is returned by our secure proxy → Make sure a 407 from h2 proxy is passed to the channel consumer and not internally processed

It is confirmed by the test in bug 1554190 that we don't handle 407 from h2 proxies at all - which actually is a bug in opposite direction (tested with Chrome that they ask for a password and handle the authentication). Error propagation will be updated in bug 1545421. For the sake of this bug intention we are WFM.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
Whiteboard: [necko-triaged] → [necko-triaged][secure-proxy-mvp]
You need to log in before you can comment on or make changes to this bug.