 
            commit dbbe17313416ab3b17e9d05009026c1c4a37a273 Author: David Fifield <david@bamsoftware.com> Date: Sat May 31 16:59:11 2014 -0700 Make the CONNECT Host header the same as the Request-URI. It's possible to construct a request where the Host header differs from the authority in the URL, for example in an extension with nsIHttpChannel and setRequestHeader. MakeConnectString generates a host:port string for the CONNECT Request-Line, but peeks into the tunneled request in order to copy the Host header to the proxy request. Instead, use the same host:port string for Host as is used in the Request-URI, to avoid revealing the plaintext of the Host header outside of the tunnel. Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4. --- netwerk/protocol/http/nsHttpConnection.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/netwerk/protocol/http/nsHttpConnection.cpp b/netwerk/protocol/http/nsHttpConnection.cpp index 695f8a5..25ad335 100644 --- a/netwerk/protocol/http/nsHttpConnection.cpp +++ b/netwerk/protocol/http/nsHttpConnection.cpp @@ -1466,12 +1466,9 @@ nsHttpConnection::SetupProxyConnect() request.SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive")); request.SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive")); - val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host); - if (val) { - // all HTTP/1.1 requests must include a Host header (even though it - // may seem redundant in this case; see bug 82388). - request.SetHeader(nsHttp::Host, nsDependentCString(val)); - } + // all HTTP/1.1 requests must include a Host header (even though it + // may seem redundant in this case; see bug 82388). + request.SetHeader(nsHttp::Host, buf); val = mTransaction->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization); if (val) {