fix(client): Fix redirect fails proxy authentification #2521
Conversation
|
It looks like the Proxy-Authorization header is being removed here, let's add it back. Line 242 in 54bb709 |
|
I looked into the browser’s redirection policy, specifically when redirecting to cross-origin websites. If a proxy is used, a pop-up window will appear requiring the user to manually authorize credentials and trust the site. Regardless, this might be an issue that needs addressing. Perhaps adding a client-side setting to support reauthorizing the proxy during cross-origin redirection could be a potential solution. |
|
Could you look into how other client libraries do it, that aren't necessarily user-agents? curl, golang, python-requests, etc? |
|
I reviewed the related issues reported for fetch and curl. What reqwest does is correct—when dealing with cross-origin hosts, we should indeed strip the PROXY_AUTHORIZATION header. If users trust the target host, they can handle the redirection themselves. I will close draft. |
close: #2177