Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Copy the cookies to the proxy request #4

Open
daniel4wong opened this issue Jan 29, 2020 · 1 comment
Open

Copy the cookies to the proxy request #4

daniel4wong opened this issue Jan 29, 2020 · 1 comment

Comments

@daniel4wong
Copy link

Hi, i found that the proxy request fail to have the cookies from the original request

I have a fix for that by using CookieContainer in HttpClient
Please have a look in my fork, which I only update the ProxyMiddleware.cs

Please check and thank you =]
@daniel4wong daniel4wong changed the title Copy the cookies to the reverse request Copy the cookies to the proxy request Jan 29, 2020
@Steinblock
Copy link

@daniel4wong

There are some problems in your solution

Cookies are set too early

Since SetProxyRequestHeaders is called before matchedRule.Modifier.Invoke(proxyRequest, context.Authentication.User); the cookies are set for the old baseAddress in _cookieContainer.Add(baseAddress, new Cookie(cookie.Key, cookie.Value)); and where not send to my proxied host.

Only a single CookieContainer instance

Since _cookieContainer is set in the .ctor it will be reused. (First request sets cookie A, Second request sets cookie B -> proxied host will receive cookie A and B for the second request), so cookieContainer.SetCookies(baseAddress, cookieHeader) would be better but even then this might lead to unpredicted behaviour since this might not be thread safe.

Cookies are still ignored if BackChannelMessageHandler is used

If someone uses the ProxyOptions.BackChannelMessageHandler property, cookies are set but never used.

Solution

My first attempt was to create a new HttpClient for every request and assign a new CookieContainer. This worked pretty well but is propably a bit slower because of the overhead.

The thing is that the cookie header is already set in SetProxyRequestHeaders but is not send to the client if I don't set a CookieContainer but I figured out that setting handler.UseCookies = false will be sufficient. In that case the header is send.

@RoadTrain

This should be a property in ProxyOptions but the default should be to not send the cookies because this might leak information if you don't own the proxied host (This might apply for some other headers as well, i.e. auth etc.). In my case this is a desired behaviour since I want to pass my forms auth cookie.

Anyway, I am not creating a merge request since there is a good workaround without changing the code.

var proxyOptions = new ProxyOptions(rules);
proxyOptions.BackChannelMessageHandler = new HttpClientHandler
{
    AllowAutoRedirect = proxyOptions.FollowRedirects,
    UseProxy = proxyOptions.UseExternalProxy,
    Proxy = proxyOptions.ExternalProxy,
    PreAuthenticate = proxyOptions.ExternalProxyPreAuthenticate,
    UseCookies = false,
};

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Steinblock @daniel4wong