commit dab5565168923a476dadc32e6cc093a77d704582 Author: David Fifield david@bamsoftware.com Date: Sat May 31 16:59:11 2014 -0700

Make the CONNECT Host header the same as the Request-URI.

It's possible to construct a request where the Host header differs from the authority in the URL, for example in an extension with nsIHttpChannel and setRequestHeader. MakeConnectString generates a host:port string for the CONNECT Request-Line, but peeks into the tunneled request in order to copy the Host header to the proxy request.

Instead, use the same host:port string for Host as is used in the Request-URI, to avoid revealing the plaintext of the Host header outside of the tunnel.

Backport of https://hg.mozilla.org/mozilla-central/rev/a1f6458800d4. --- netwerk/protocol/http/nsHttpConnection.cpp | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/netwerk/protocol/http/nsHttpConnection.cpp b/netwerk/protocol/http/nsHttpConnection.cpp index 695f8a5..25ad335 100644 --- a/netwerk/protocol/http/nsHttpConnection.cpp +++ b/netwerk/protocol/http/nsHttpConnection.cpp @@ -1466,12 +1466,9 @@ nsHttpConnection::SetupProxyConnect() request.SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive")); request.SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive"));

- val = mTransaction->RequestHead()->PeekHeader(nsHttp::Host); - if (val) { - // all HTTP/1.1 requests must include a Host header (even though it - // may seem redundant in this case; see bug 82388). - request.SetHeader(nsHttp::Host, nsDependentCString(val)); - } + // all HTTP/1.1 requests must include a Host header (even though it + // may seem redundant in this case; see bug 82388). + request.SetHeader(nsHttp::Host, buf);

val = mTransaction->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization); if (val) {