Commit e08b91c7 authored by David Fifield, committed by Mike Perry

Make the CONNECT Host header the same as the Request-URI.

It's possible to construct a request where the Host header differs from
the authority in the URL, for example in an extension with
nsIHttpChannel and setRequestHeader. MakeConnectString generates a
host:port string for the CONNECT Request-Line, but peeks into the
tunneled request in order to copy the Host header to the proxy request.

Instead, use the same host:port string for Host as is used in the
Request-URI, to avoid revealing the plaintext of the Host header outside
of the tunnel.

Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4.
parent 19ef106d
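
The difference the commit message describes, as an added example that is not code from this commit or from Firefox: a simplified model of building the CONNECT request both ways, plus a check that the proxy-visible Host equals the Request-URI. `TunneledRequest`, the function names and the sample hostnames are hypothetical and constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <string>

// Hypothetical, simplified model of the request that will travel inside the tunnel.
struct TunneledRequest {
    std::string host;                            // host from the URL authority
    int port;                                    // port from the URL authority
    std::map<std::string, std::string> headers;  // caller-set headers, may include Host
};

// host:port as used in the CONNECT Request-Line (IPv6 literals are bracketed).
std::string Authority(const TunneledRequest& r) {
    bool ipv6 = r.host.find(':') != std::string::npos;
    return (ipv6 ? "[" + r.host + "]" : r.host) + ":" + std::to_string(r.port);
}

// Behaviour before the change: Host is copied from the tunneled request,
// so a caller-set Host header is sent to the proxy in plaintext.
std::string ConnectCopyingInnerHost(const TunneledRequest& r) {
    const std::string hostport = Authority(r);
    auto it = r.headers.find("Host");
    return "CONNECT " + hostport + " HTTP/1.1\r\nHost: " +
           (it != r.headers.end() ? it->second : hostport) + "\r\n\r\n";
}

// Behaviour after the change: Host reuses the Request-URI host:port.
std::string ConnectFromAuthority(const TunneledRequest& r) {
    const std::string hostport = Authority(r);
    return "CONNECT " + hostport + " HTTP/1.1\r\nHost: " + hostport + "\r\n\r\n";
}

// Check on a serialized CONNECT request: does Host equal the Request-URI?
bool HostMatchesRequestTarget(const std::string& req) {
    const std::string method = "CONNECT ", key = "\r\nHost: ";
    if (req.compare(0, method.size(), method) != 0) return false;
    size_t sp = req.find(' ', method.size());
    size_t h = req.find(key);
    if (sp == std::string::npos || h == std::string::npos) return false;
    size_t start = h + key.size(), end = req.find("\r\n", start);
    if (end == std::string::npos) return false;
    return req.substr(start, end - start) == req.substr(method.size(), sp - method.size());
}

int main() {
    // Constructed sample: URL authority and Host header deliberately differ.
    TunneledRequest r{"front.example", 443, {{"Host", "inner.example"}}};
    std::cout << HostMatchesRequestTarget(ConnectCopyingInnerHost(r)) << " "
              << HostMatchesRequestTarget(ConnectFromAuthority(r)) << "\n";
}
```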