Extension proxy support

[CodeZombieCH]

Proxy support for Visual Studio Code has been introduced recently through environment variables/settings (see https://code.visualstudio.com/docs/setup/setup-overview#_proxy-server-support). As an extension developer I would like to use these settings when requesting resources from the internet. My current implementation fails for users using a proxy.

What is the recommended way for an extension to use a proxy?

I could not find a vscode API that exposes methods to make requests using a proxy other than access to the proxy settings (workspace.getConfiguration()) and implementing everything on my own. Looking at the Visual Studio Code code base I identified the code that adds support for proxies, but copy&paste it into my extension would result in duplicated and potentially outdated code, which is something I want to avoid whenever possible. As I am probably not the only extension developer accessing the internet, I would like to hear your opinion on this issue. Any feedback would be greatly appreciated.

[jrieken]

-1 for adding this for to the API but +1 for extracting our code into a node-module. @joaomoreno how feasible is that? how much code do we add on top of other node-modules?

[joaomoreno]

It's thin.

[jrieken]

I leaving it with you then ;-)

[CodeZombieCH]

A node package sounds like a cool solution. Let me know when it's ready so I can test it and provide feedback.

[joaomoreno]

We're going with a different proxy solution in the future, skipping this.

[CodeZombieCH]

Do you have any details about that future solution?

[joaomoreno]

Actually, I might've closed this too eagerly.

We're going with using Chrome's network stack for everything. So you're a bit busted. The only way out is exposing an API for making network requests. I'll leave this open for that.

[tebeco]

@joaomoreno any news from April ?
times to times, We have to set our password in clear so far in the settings json file in order to update OmniSharp

This is insane and quite critical
Everybody tries to point someone else team and it really hurt lots of people using VsCode in companies

[tebeco]

Do i need to ping more contributor to VsCode in order to get more feedback on it ?

[Szaboadrii22]

In VSCode Settings, you can set http.proxy to http://username:PASSWORD@your-proxy-ip:port

[Szaboadrii22]

Extension proxy support #12588

[joewood]

One alternative to the suggestion of creating a VSCode fetch API for extensions would be to use the VSCode host as a proxy. VS Code already supports PAC files and NTLM/GSS corporate proxy authentication. Using this networking stack it could expose a port to the extensions like CNTLM. This could be exposed in the form of http_proxy env variables (so no change would be required there). Network requests would then pass through VS Code.

This feels like the simplest approach as it requires no change to extensions (continue to use http_proxy), the code for port forwarding is already in present.

[tebeco]

that's why multiple users in that thread are asking for since 2016/2017

it seems to be most logical one in order to have something uniform and also consistent with the OS

[LeYom]

Hi
I am too behind a corporate proxy with kerberos authentifcation, and I didn't understand why Kerberos authentification for the Proxy HTTP Adapter is not supported.

The problem is that we can't provide login/password because credentials are automatically manage by the OS Kerberos authentification system.

I hope this feature to be added to the roadmap, since some critical extensions doesn't work well offline today (like IntelliSense which needs to download its model to be fine)

Regards

[penenkel]

Hi I am too behind a corporate proxy with kerberos authentifcation, and I didn't understand why Kerberos authentification for the Proxy HTTP Adapter is not supported.

The problem is that we can't provide login/password because credentials are automatically manage by the OS Kerberos authentification system.

I hope this feature to be added to the roadmap, since some critical extensions doesn't work well offline today (like IntelliSense which needs to download its model to be fine)

Regards

@LeYom Of topic for this issue but perhaps a solution for your problem: Have you tried using a second, local proxy that supports NTLM or Kerberos authentication to the corporate proxy? I'm currently using px which works quite well. An other, if somewhat aged, candidate is cntlm.

[tebeco]

Hi I am too behind a corporate proxy with kerberos authentifcation, and I didn't understand why Kerberos authentification for the Proxy HTTP Adapter is not supported.
The problem is that we can't provide login/password because credentials are automatically manage by the OS Kerberos authentification system.
I hope this feature to be added to the roadmap, since some critical extensions doesn't work well offline today (like IntelliSense which needs to download its model to be fine)
Regards

@LeYom Of topic for this issue but perhaps a solution for your problem: Have you tried using a second, local proxy that supports NTLM or Kerberos authentication to the corporate proxy? I'm currently using px which works quite well. An other, if somewhat aged, candidate is cntlm.

oO i can answer for that one
avoid cntlm for workflow like that
the moment you'll run npm install it will start puking on itself and slowly die as it does not manage to sustain that much request even when attempting to configure it for more "parallelism"
or also fun issue with things like linux path syntax on windows 🤦‍♂️
or the fact that it must be in a specific path and if you change it ... cf point above🤷‍♂️

i don't recall the issue we struggled with px but it wasn't glorious either even if still better than cntlm

[scogginsnl]

So my situation is that I was having to add/remove proxy setting in json to switch between extension marketplace working and anything that connected to inside the proxy (intranet). In order to have marketplace and be able use self hosted gitpod/gitlab extension::

 --proxy-pac-url="http://wpad/wpad.dat"

Note:this is 'default' location of PAC file, point to whichever is being used by your enterprise

my understanding is that vscode uses OS proxy settings, but since I am literally pointing it at the file my OS uses that doesn't appear to be the case.

[benm5678]

This is where is leads you when searching for Azure Tools extension proxy issue, an issue that's open for 7 years?!? I cannot login to Azure Tools VS Code extension behind proxy. Tried all suggestions including launching with --ignore-certificate-errors. Log shows 502 error, so seems like it's some SSL negotiation issue and it's ignoring this setting.

[mckennahampton]

This is also where I ended up while researching why the official SQL Server extension was failing to download the latest SQL Tools service layer package:

Installing SQL tools service to /home/mhampton/.vscode-server/extensions/ms-mssql.mssql-1.22.1/sqltoolsservice/4.10.2.1/Ubuntu16.
Downloading https://github.com/Microsoft/sqltoolsservice/releases/download/4.10.2.1/microsoft.sqltools.servicelayer-rhel-x64-net7.0.tar.gz
[ERROR] Error: Request error: EPROTO

I've been running into similar issues with other extensions that try to download additional payloads once they're installed. They all fail if I'm behind a proxy. I've blanket whitelisted the URL's (which are mostly to github.com) and also bypassed all SSL decryption, but there is still some SSL/TLS cert negotiation issue at hand. Unfortunately it's stopping us (and I'm sure many others) from trying out other things like Copilot for VScode since it's the same problem.

[merlinz01]

@chrmarti Can we have an update on where we stand on this? An issue eight years old and so many people waiting should be high priority.

[chrmarti]

@merlinz01 Work is under way to make Chromium's implementation of fetch available to extensions. This issue is unlikely to be closed soon though, as many extensions are using Node's https module for which we have only partial support for proxies. Only proxies without auth and with Kerberos auth are supported at the moment.

If you think your setup should already work with the https module, but doesn't, please install the Network Proxy Test extension (https://marketplace.visualstudio.com/items?itemName=chrmarti.network-proxy-test) and check the output of F1 > Network Proxy Test: Test Connection in VS Code.