lib: add NODE_PROXY_TUNNEL env var to disable CONNECT tunneling#62926
lib: add NODE_PROXY_TUNNEL env var to disable CONNECT tunneling#62926mcollina wants to merge 1 commit intonodejs:mainfrom
Conversation
|
Review requested:
|
c0bc38c to
20d97d0
Compare
|
IIUC this is what nodejs/undici#4083 is about. Shouldn't this be the default behavior? For http.request, we just rewrite the request instead of tunneling at all to stay aligned with curl's behavior, I think we should do the same for fetch as well and just don't bother tunneling pure HTTP requests. |
| if (envProxyTunnel !== undefined) { | ||
| proxyTunnel = envProxyTunnel === 'true' || envProxyTunnel === '1'; | ||
| } | ||
| const envHttpProxyAgent = new EnvHttpProxyAgent({ proxyTunnel }); |
There was a problem hiding this comment.
Does this disable tunneling for HTTPS requests too? If so, that sounds like an insecure behavior - HTTPS should always be tunneled while HTTP doesn't need tunneling. That's what curl has and also what http/https.request implements. If it only disables tunneling for HTTP, I think we can just unconditionally set it to false and don't need to add an env var for this unless anyone specifically requests being able to tunnel pure HTTP requests (I doubt anyone would actually need it considering that's not what curl and most other runtimes do)
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #62926 +/- ##
==========================================
+ Coverage 89.61% 89.65% +0.03%
==========================================
Files 706 706
Lines 219136 219375 +239
Branches 41981 42055 +74
==========================================
+ Hits 196376 196675 +299
+ Misses 14671 14592 -79
- Partials 8089 8108 +19
🚀 New features to boost your workflow:
|
When NODE_USE_ENV_PROXY or --use-env-proxy is enabled and the proxy does not support the HTTP CONNECT method, undici loops forever retrying CONNECT requests. Add NODE_PROXY_TUNNEL env var to control whether proxy connections use CONNECT tunneling. When set to false/0, EnvHttpProxyAgent passes proxyTunnel: false to ProxyAgent, which uses Http1ProxyWrapper for direct HTTP forwarding instead of CONNECT tunneling. Refs: nodejs/undici#5093
20d97d0 to
4b0007d
Compare
When NODE_USE_ENV_PROXY or --use-env-proxy is enabled and the proxy does not support the HTTP CONNECT method, undici loops forever retrying CONNECT requests. Add NODE_PROXY_TUNNEL env var to control whether proxy connections use CONNECT tunneling.
When set to false/0, EnvHttpProxyAgent passes proxyTunnel: false to ProxyAgent, which uses Http1ProxyWrapper for direct HTTP forwarding instead of CONNECT tunneling.
Refs: nodejs/undici#5093