Bug#574635: xulrunner: cannot connect through a Bluecoat proxy with REDIRECT authentication
Mike Hommey
mh at glandium.org
Wed Mar 24 08:11:17 UTC 2010
On Tue, Mar 23, 2010 at 04:07:06PM +0100, Josselin Mouette wrote:
> Le vendredi 19 mars 2010 à 17:36 +0100, Mike Hommey a écrit :
> > On Fri, Mar 19, 2010 at 04:11:49PM +0100, Josselin Mouette wrote:
> > > This happens since the fix for the following bug:
> > > https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2009-1836
> > >
> > > As comment #75 of said bug explains, it breaks the behavior of some
> > > (arguably broken) proxies. When you issue a CONNECT command, they will
> > > reply with a REDIRECT to a page that does the authentication.
>
> Actually a new analysis shows this is more complicated than that.
>
> So this is what happens when you request https://blah.blah/
> 1) The browser issues CONNECT blah.blah
> 2) The proxy replies 302 found with a redirect to
> https://stupid.proxy/blah.blah
> 3) The browser issues CONNECT stupid.proxy
> 4) The proxy replies 401 authorization required with some Javascript
> code that does a redirect to https://authentication.gateway/blah.blah
>
> Then, the JS code used to be executed. Now it is not and you only get a
> boilerplate page.
I think the sensible way to avoid this problem altogether is to setup
your proxy configuration to not send requests to stupid.proxy and
probably authentication.gateway through the proxy, either with a
proxy.pac or with the No Proxy for box in the proxy preferences dialog.
Anyways, could you forward this upstream and report the bug number back?
Cheers
Mike
More information about the pkg-mozilla-maintainers
mailing list