proxy.onRequest failure to bypass proxy for localhost
Categories
(WebExtensions :: Request Handling, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: eros_uk, Unassigned)
Details
(Whiteboard: [design-decision-needed])
Connections to localhost, 127.0.0.1/8, and ::1 are never proxied.
There are 2 main proxying API in Firefox:
- proxy.settings which sets the values of browser Connection Settings (i.e. an interface for Connection Settings)
- proxy.onRequest which is based on webRequest API and intercepts net requests
Chrome only has proxy.settings.
localhost
proxy.settingsin both Firefox and Chrome implement a default bypass/pass-through forlocalhostproxy.onRequestdoes not appear to have the above default bypass
In addition to the unexpected behaviour, there are security considerations associated with proxying localhost.
The question is, shouldn't proxy.onRequest have a default bypass/pass-through for localhost to maintain the uniformity of the policy?
See also:
- Connections to localhost, 127.0.0.1/8, and ::1 are never proxied
- Implicit bypass rules
- Proxy localhost and loopback addresses in Chrome
- https://searchfox.org/mozilla-central/source/toolkit/system/windowsproxy/nsWindowsSystemProxySettings.cpp#127-134
- https://searchfox.org/mozilla-central/source/netwerk/test/gtest/TestProtocolProxyService.cpp#26-37
|
||
Updated•1 year ago
|
|
||
Comment 1•10 months ago
|
||
For what it's worth, proxying *.localhost is quite useful for mapping Unix-domain-socket-bound services into http://*.localhost URIs (https://github.com/randomstuff/soxidizer): *.localhost have the good taste of being considered as secure contexts.
However, proxying localhost URIs to remote servers is certainly problematic and considering proxied *.localhost services as secure contexts might not make much sense either.
|
|
||
Comment 2•10 months ago
|
||
For reference, bug entry for FoxyProxy about the ability to disable the localhost bypass: https://github.com/foxyproxy/browser-extension/issues/50
Description
•