fixes bug 220122 "Proxy-Authentication credentials can be exposed to origin server" r=bz sr=jst

netwerk/protocol/http/src/nsHttpChannel.cpp

@@ -1977,7 +1977,12 @@ nsHttpChannel::GetCredentials(const char *challenges,
     nsCAutoString path;
     PRBool identFromURI = PR_FALSE;
 
-    if (proxyAuth) {
+    // it is possible for the origin server to fake a proxy challenge.  if
+    // that happens we need to be sure to use the origin server as the auth
+    // domain.  otherwise, we could inadvertantly expose the user's proxy
+    // credentials to an origin server.
+
+    if (proxyAuth && mConnectionInfo->ProxyHost()) {
         host = mConnectionInfo->ProxyHost();
         port = mConnectionInfo->ProxyPort();
         ident = &mProxyIdent;