romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 22:01:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

tool: enable header separation for HTTPS proxies

Browse source 
When using a proxy, --header specified headers were leaking into CONNECT
requests. This could break corporate proxies that reject custom
User-Agent headers in CONNECT.

Enable CURLHEADER_SEPARATE only for HTTPS through proxy or when
--proxytunnel is used, ensuring:

- --header affects only HTTP requests (not CONNECT)
- --proxy-header affects only CONNECT requests
- --user-agent affects both consistently

Fixes the redirect + proxy + custom UA issue while maintaining
compatibility with HTTP proxy scenarios.

Closes #20398
This commit is contained in:
Jacek Migacz 2026-01-22 10:36:44 +00:00 committed by Daniel Stenberg
parent d89bc6b219
commit aacbe4d9bf
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
src/config2setopts.c
View file

@ -498,7 +498,6 @@ static CURLcode http_setopts(struct OperationConfig *config, CURL *curl)
if(config->proxyheaders) {
my_setopt_slist(curl, CURLOPT_PROXYHEADER, config->proxyheaders);
my_setopt_long(curl, CURLOPT_HEADEROPT, CURLHEADER_SEPARATE);
}
my_setopt_long(curl, CURLOPT_MAXREDIRS, config->maxredirs);
@ -882,6 +881,11 @@ CURLcode config2setopts(struct OperationConfig *config,
result = cookie_setopts(config, curl);
if(result)
return result;
/* Enable header separation when using a proxy with HTTPS or proxytunnel
* to prevent --header content from leaking into CONNECT requests */
if((config->proxy || config->proxyheaders) &&
(use_proto == proto_https || config->proxytunnel))
my_setopt_long(curl, CURLOPT_HEADEROPT, CURLHEADER_SEPARATE);
}
if(use_proto == proto_ftp || use_proto == proto_ftps) {