Bug 1017769 - Make the CONNECT Host header the same as the Request-URI. r=mcmanus
author David Fifield <david@bamsoftware.com>
Thu, 29 May 2014 11:01:02 -0700 (2014-05-29)
changeset 185920 a1f6458800d4705ce9236e2b051a98a6c42b8f44
parent 185919 9905efdd8d213a7987bae13cf8e9306a6cb52460
child 185921 29f1f27d782cd59aa7d03899357cbfd8ea3d435a
push id 26868
push user ryanvm@gmail.com
push date Fri, 30 May 2014 20:23:28 +0000 (2014-05-30)
reviewers mcmanus
bugs 1017769
milestone 32.0a1
It's possible to construct a request where the Host header differs from the authority in the URL, for example in an extension with nsIHttpChannel and setRequestHeader. MakeConnectString generates a host:port string for the CONNECT Request-Line, but peeks into the tunneled request in order to copy the Host header to the proxy request. Instead, use the same host:port string for Host as is used in the Request-URI, to avoid revealing the plaintext of the Host header outside of the tunnel.
netwerk/protocol/http/nsHttpConnection.cpp
--- a/netwerk/protocol/http/nsHttpConnection.cpp
+++ b/netwerk/protocol/http/nsHttpConnection.cpp
@@ -1754,24 +1754,21 @@ nsHttpConnection::MakeConnectString(nsAH
     request->SetVersion(gHttpHandler->HttpVersion());
     request->SetRequestURI(result);
     request->SetHeader(nsHttp::User_Agent, gHttpHandler->UserAgent());
 
     // a CONNECT is always persistent
     request->SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive"));
     request->SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive"));
 
-    const char *val = trans->RequestHead()->PeekHeader(nsHttp::Host);
-    if (val) {
-        // all HTTP/1.1 requests must include a Host header (even though it
-        // may seem redundant in this case; see bug 82388).
-        request->SetHeader(nsHttp::Host, nsDependentCString(val));
-    }
+    // all HTTP/1.1 requests must include a Host header (even though it
+    // may seem redundant in this case; see bug 82388).
+    request->SetHeader(nsHttp::Host, result);
 
-    val = trans->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization);
+    const char *val = trans->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization);
     if (val) {
         // we don't know for sure if this authorization is intended for the
         // SSL proxy, so we add it just in case.
         request->SetHeader(nsHttp::Proxy_Authorization, nsDependentCString(val));
     }
 
     result.Truncate();
     request->Flatten(result, false);
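Review bot: The comment kept above request->SetHeader(nsHttp::Host, result) only explains why a Host header is present (bug 82388), not why its value now comes from result rather than from the tunneled request's Host header. That choice is the point of the change, so add a sentence there saying the CONNECT Host must match the Request-URI so that the inner request's Host is never sent in plaintext to the proxy; without it, a later cleanup could reintroduce the PeekHeader(nsHttp::Host) copy. The line also relies on result still holding the host:port string passed to SetRequestURI(result), before result.Truncate() reuses the buffer for the flattened request, which is worth stating in the same comment. The Proxy_Authorization block that follows still reads from trans->RequestHead(), so a short note on why that copy out of the tunneled transaction is intended would keep the two cases from being confused.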