Commit b09d6457 authored May 31, 2014 by David Fifield Committed by Mike Perry Nov 27, 2014

Bug #12146: Make the CONNECT Host header the same as the Request-URI.

It's possible to construct a request where the Host header differs from
the authority in the URL, for example in an extension with
nsIHttpChannel and setRequestHeader. MakeConnectString generates a
host:port string for the CONNECT Request-Line, but peeks into the
tunneled request in order to copy the Host header to the proxy request.

Instead, use the same host:port string for Host as is used in the
Request-URI, to avoid revealing the plaintext of the Host header outside
of the tunnel.

Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4.

parent d02ad4c9

netwerk/protocol/http/nsHttpConnection.cpp

+3 −6

Original line number	Diff line number	Diff line
		@@ -1595,12 +1595,9 @@ nsHttpConnection::SetupProxyConnect()
		request.SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive"));
		request.SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive"));

		val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host);
		if (val) {
		// all HTTP/1.1 requests must include a Host header (even though it
		// may seem redundant in this case; see bug 82388).
		request.SetHeader(nsHttp::Host, nsDependentCString(val));
		}
		request.SetHeader(nsHttp::Host, buf);

		val = mTransaction->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization);
		if (val) {