Proxy-Support header case sensitive causes proxied API failure when using HttpClient #61414
Comments
dotnet-issue-labeler
bot
added
area-System.Net.Http
untriaged
|
Tagging subscribers to this area: @dotnet/ncl Issue DetailsI've been looking into an issue where access to a API work via PowerShell but doesn't via HttpClient. The diagnostic output logs "Proxy doesn't support connection-based auth" and looking it to that appear to be proxy requires the header "Proxy-Support" with the value "Session-Based-Authentication". However the API in question has the "Proxy-Support" with the value "Session-based-authentication" a simple case change. While I can accept the specification for the proxy support header may specify the value with an exact case, following this means dotnet apps will not work with some API, and other implementations do not enforce the casing. Suggested fix would be to make the check case insensitive.
|
|
RFC here: https://datatracker.ietf.org/doc/html/rfc4559 As you can see, it's rather brief and doesn't actually say whether the value is case sensitive or not. Since there are servers out there that seem to assume it's case-insenstive, we should probably do the same. |
|
I don't appear to be able to assign myself to this but I don't mind creating a pull request for this. |
RFC4559 does not specify that the Proxy-Support header value used to determine if the proxy server will honour client server authentication integrity is case sensitive. Updating the check to be case insensitive to prevent failures when value is supplied using differences in case. Fix dotnet#61414
ghost
added
the
in-pr
karelz
added
bug
and removed
untriaged
RFC4559 does not specify that the Proxy-Support header value used to determine if the proxy server will honour client server authentication integrity is case sensitive. Updating the check to be case insensitive to prevent failures when value is supplied using differences in case. Fix #61414
ghost
removed
the
in-pr
ghost
locked as resolved and limited conversation to collaborators
RFC4559 does not specify that the Proxy-Support header value used to determine if the proxy server will honour client server authentication integrity is case sensitive. Updating the check to be case insensitive to prevent failures when value is supplied using differences in case. Fix #61414
RFC4559 does not specify that the Proxy-Support header value used to determine if the proxy server will honour client server authentication integrity is case sensitive. Updating the check to be case insensitive to prevent failures when value is supplied using differences in case. Fix #61414 Co-authored-by: Christopher Wood <chris@thetoxiczone.com>
I've been looking into an issue where access to a API work via PowerShell but doesn't via HttpClient.
The diagnostic output logs "Proxy doesn't support connection-based auth" and looking it to that appear to be proxy requires the header "Proxy-Support" with the value "Session-Based-Authentication".
runtime/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs
Line 64 in e64cce6
However the API in question has the "Proxy-Support" with the value "Session-based-authentication" a simple case change. While I can accept the specification for the proxy support header may specify the value with an exact case, following this means dotnet apps will not work with some API, and other implementations do not enforce the casing.
Suggested fix would be to make the check case insensitive.
The text was updated successfully, but these errors were encountered: