[Webkit-unassigned] [Bug 126384] [SOUP] WebSockets must use system proxy settings

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 8 09:00:58 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=126384

--- Comment #30 from Michael Catanzaro <mcatanzaro at igalia.com> ---
(In reply to Carlos Garcia Campos from comment #29)
> I don't think we should backport any new API to libsoup stable branches. I'm
> not sure it's possible to do d) either, there might be proxy settings that
> are acceptable,

We should fail safe: assume that if the user has set a proxy, no WebSockets connection should ever be attempted.

> for example if the websockets host used is blacklisted,

OK, in that case it really would be safe, but that seems like a very unlikely configuration. Since this is only a fallback codepath, I would not worry about this unlikely case at all.

> or
> if only https proxy is used. 

Another odd case... in that case, wss sockets should still use the https proxy settings, but I guess it's not very much of a privacy issue if no http proxy is set. I suppose it would make sense to block use of ws WebSockets only when an http proxy is set, and to block wss WebSockets only when an https proxy is set.

> We would need to check the actual proxy
> settings to decide whether to allow the websocket connection or not.

We certainly need to check the proxy settings, but I don't think it's important to do as thorough checks as you propose. The question is: how hard is it to check the proxy settings from WebCore/platform? We really should.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180108/4f1874a8/attachment-0001.html>


More information about the webkit-unassigned mailing list