diff options
| author | Damien Neil <dneil@google.com> | 2023-07-24 11:24:40 -0400 |
|---|---|---|
| committer | Damien Neil <dneil@google.com> | 2023-08-28 16:42:28 +0000 |
| commit | 0d69747d91071be62f2cf4759e10d56426b84b26 (patch) | |
| tree | 3430d845ff7c0dc9896a9df7be25fecc8530b84a /src/net/http | |
| parent | 55db1750abdf3a968a7a3a08130e0878ba8939d5 (diff) | |
| download | go-0d69747d91071be62f2cf4759e10d56426b84b26.tar.xz | |
net/http: document setting of Proxy-Authorization header
Add a test for setting a proxy username/password in
the HTTP_PROXY environment variable as well.
Fixes #61505
Change-Id: I31c3fa94c7bc463133321e9af9289fd47da75b46
Reviewed-on: https://go-review.googlesource.com/c/go/+/512555
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Diffstat (limited to 'src/net/http')
| -rw-r--r-- | src/net/http/transport.go | 4 | ||||
| -rw-r--r-- | src/net/http/transport_test.go | 33 |
2 files changed, 37 insertions, 0 deletions
diff --git a/src/net/http/transport.go b/src/net/http/transport.go index 35dfe908d8..ac7477ea1d 100644 --- a/src/net/http/transport.go +++ b/src/net/http/transport.go @@ -117,6 +117,10 @@ type Transport struct { // "https", and "socks5" are supported. If the scheme is empty, // "http" is assumed. // + // If the proxy URL contains a userinfo subcomponent, + // the proxy request will pass the username and password + // in a Proxy-Authorization header. + // // If Proxy is nil or returns a nil *URL, no proxy is used. Proxy func(*Request) (*url.URL, error) diff --git a/src/net/http/transport_test.go b/src/net/http/transport_test.go index bcc26aa58e..9f086172d3 100644 --- a/src/net/http/transport_test.go +++ b/src/net/http/transport_test.go @@ -6810,3 +6810,36 @@ func testRequestSanitization(t *testing.T, mode testMode) { resp.Body.Close() } } + +func TestProxyAuthHeader(t *testing.T) { + // Not parallel: Sets an environment variable. + run(t, testProxyAuthHeader, []testMode{http1Mode}, testNotParallel) +} +func testProxyAuthHeader(t *testing.T, mode testMode) { + const username = "u" + const password = "@/?!" + cst := newClientServerTest(t, mode, HandlerFunc(func(rw ResponseWriter, req *Request) { + // Copy the Proxy-Authorization header to a new Request, + // since Request.BasicAuth only parses the Authorization header. + var r2 Request + r2.Header = Header{ + "Authorization": req.Header["Proxy-Authorization"], + } + gotuser, gotpass, ok := r2.BasicAuth() + if !ok || gotuser != username || gotpass != password { + t.Errorf("req.BasicAuth() = %q, %q, %v; want %q, %q, true", gotuser, gotpass, ok, username, password) + } + })) + u, err := url.Parse(cst.ts.URL) + if err != nil { + t.Fatal(err) + } + u.User = url.UserPassword(username, password) + t.Setenv("HTTP_PROXY", u.String()) + cst.tr.Proxy = ProxyURL(u) + resp, err := cst.c.Get("http://_/") + if err != nil { + t.Fatal(err) + } + resp.Body.Close() +} |