Bug 1017769 - Make the CONNECT Host header the same as the Request-URI. r=mcmanus

It's possible to construct a request where the Host header differs from the authority in the URL, for example in an extension with nsIHttpChannel and setRequestHeader. MakeConnectString generates a host:port string for the CONNECT Request-Line, but peeks into the tunneled request in order to copy the Host header to the proxy request. Instead, use the same host:port string for Host as is used in the Request-URI, to avoid revealing the plaintext of the Host header outside of the tunnel.
2014-05-29 11:01:02 -07:00 · 2014-05-29 11:01:02 -07:00 · a5c112634b
--- a/netwerk/protocol/http/nsHttpConnection.cpp
+++ b/netwerk/protocol/http/nsHttpConnection.cpp
@ -1759,14 +1759,11 @@ nsHttpConnection::MakeConnectString(nsAHttpTransaction *trans,
    request->SetHeader(nsHttp::Proxy_Connection, NS_LITERAL_CSTRING("keep-alive"));
    request->SetHeader(nsHttp::Connection, NS_LITERAL_CSTRING("keep-alive"));

-    const char *val = trans->RequestHead()->PeekHeader(nsHttp::Host);
-    if (val) {
    // all HTTP/1.1 requests must include a Host header (even though it
    // may seem redundant in this case; see bug 82388).
-        request->SetHeader(nsHttp::Host, nsDependentCString(val));
-    }
+    request->SetHeader(nsHttp::Host, result);

-    val = trans->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization);
+    const char *val = trans->RequestHead()->PeekHeader(nsHttp::Proxy_Authorization);
    if (val) {
        // we don't know for sure if this authorization is intended for the
        // SSL proxy, so we add it just in case.