Support for passwords having ":" in upstream proxies

Question

Support for passwords having ":" in upstream proxies

heydryft opened this issue 3 years ago · comments

I'm currently using proxyland.io, they're using : in password to separate sessions
the https-proxy-agent module supports : in passwords,
would be really glad if this request is possible

Jan Čurn · Answer 1 · Fri Feb 12 2021 21:20:05 GMT+0800 (China Standard Time)

Note that we're using the official Node.js' URL class for parsing the URLs (added in #103), so if it doesn't support the ":" char in password, I'm afraid it would be difficult to add this

Jan Čurn · Answer 2 · Fri Feb 12 2021 21:25:40 GMT+0800 (China Standard Time)

For some reason, the URL object escapes the :...

Nirupam Bhowmick · Answer 3 · Fri Feb 12 2021 21:35:00 GMT+0800 (China Standard Time)

Hey @jancurn , can't you replace %3A with : on href and password?

Ondra Urban · Answer 4 · Sat Feb 13 2021 02:28:02 GMT+0800 (China Standard Time)

A related problem. In a proxy URL such as this:

http://user:p%40ssword@proxy.com:8000

The password is not decoded somewhere down the line, which causes socket close errors.

RFC 1738 confirms that it's correct to encode those characters in section 3.1:

The user name (and password), if present, are followed by a commercial at-sign "@". Within the user and password field, any ":", "@", or "/" must be encoded.

So, we must make sure the user and password fields are properly decoded before they're used elsewhere (such as in the Authentication header).

Ondra Urban · Answer 5 · Sat Feb 13 2021 02:44:36 GMT+0800 (China Standard Time)

Ok, RFC 3986 is quite clear in section 3.2.1 that usernames and passwords can have any percent encoded characters, so I think we can safely decode them, because it is the expected behavior.

Jan Čurn · Answer 6 · Sat Feb 13 2021 07:32:28 GMT+0800 (China Standard Time)

Fixed in #110, will release soon

Ondra Urban · Answer 7 · Fri Feb 26 2021 15:50:16 GMT+0800 (China Standard Time)

Fixed in #110