User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36 Steps to reproduce: Context: VPN (proxy) extension. 1. I've registered a proxy using `browser.proxy.registerProxyScript` https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/proxy/register (latest docs changed without notice regarding `registerProxyScript`). 2. My script's FindProxyForURL returns `HTTPS my.proxy.tld:443` 3. I've setup a listener for `webRequest.onAuthRequired` like this: `browser.webRequest.onAuthRequired.addListener(onAuthCallback, { urls: ['<all_urls>'] }, ['blocking']);` In the implementation of `onAuthCallback` I am checking whether the challenger is `my.proxy.tld` in order to prevent credential leak/theft to/by some unknown proxy. Here are the relevant lines in my function: ``` let challengerAllowed = false; try { const host = proxyConfig.rules.singleProxy.host; const hostRegex = host.replace('.', '\\.'); const challengerRegex = new RegExp('^' + hostRegex + '$', 'i'); challengerAllowed = challengerRegex.test(details.challenger.host); } catch (e) { console.log('onAuthCallback error caught:', e.message); } return details.isProxy && challengerAllowed ? { authCredentials: credentials } : {}; ``` 4. Make an ajax call to a `my.connectioncheck.tld` in order to trigger the authentication process. Actual results: challengerAllowed is false because `details.challenger.host` contains `my.connectioncheck.tld` instead of `my.proxy.tld` even though `details.isProxy` si true. Expected results: `details.challenger.host` should be `my.proxy.tld`.

> When using a proxy, the details.challenger.host provided to the webRequest.onAuthRequired listener contain the host of the > requested URL instead of the proxy hostname This is the documented behavior and is working as designed. From https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/webRequest/onAuthRequired#details >Warning: Unlike chrome, Firefox will return the requested host instead of the proxy requesting the authentication, even if isProxy is true.

(In reply to Eric Jung [:ericjung] from comment #1) > >Warning: Unlike chrome, Firefox will return the requested host instead of > the proxy requesting the authentication, even if isProxy is true. I don't know why it was documented like that, this is a bug.

Comment on attachment 8898589 [details] Bug 1388289 fix challenger info for proxy auth requests, Eric, can you take a look and see if you feel there is any other issue?

(In reply to Shane Caraveo (:mixedpuppy) from comment #3) > I don't know why it was documented like that, this is a bug. The warning in the documentation was added by me, after an hour of frustration on figuring out why the code that works on chrome doesn't work in firefox, and debugging it step by step until finding the culprit. Now I realize this was a bad idea and that at least I've should've mentioned it is actually a bug (not just a warning).

> Eric, can you take a look and see if you feel there is any other issue? Looks good. However, for completeness, I would suggest providing the rest of the info in nsIProxyInfo. Otherwise, we'll be back here again someday: * type (http, https, socks, etc) * username * password * failoverTimeout proxyDNS (true/false) in the flags variable

Is it ok to only have that in onAuthRequired?

> Is it ok to only have that in onAuthRequired? I don't see why not. What is your concern? Certainly |type| should be there.

(In reply to Eric Jung [:ericjung] from comment #8) > > Is it ok to only have that in onAuthRequired? > > I don't see why not. What is your concern? Certainly |type| should be there. No concern. It's easy to quickly add it for onAuthRequired, more effort (not sure how much) to add it everywhere. If onAuth is sufficient I'll do it in this patch.

> If onAuth is sufficient I'll do it in this patch. It is for this bug. I recall a privacy-related addon that wanted to know if a proxy was used to load a resource (or will be used--can't remember which). That would imply putting this info in webRequest.onBeforeRequest() and/or webRequest.onCompleted(). But that should be a different bug not relevant here.

> I recall a privacy-related addon that wanted to know if a proxy was used to load a resource bug 1373646

Comment on attachment 8898589 [details] Bug 1388289 fix challenger info for proxy auth requests, https://reviewboard.mozilla.org/r/169968/#review178204

Pushed by mixedpuppy@gmail.com: https://hg.mozilla.org/integration/autoland/rev/5d04b895717f fix challenger info for proxy auth requests, r=kmag

I've added a note describing this old bug in Firefox: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/webRequest/onAuthRequired#Browser_compatibility. Let me know if you need anything else.

2. Before version 57, on a proxied connection, the challenger.host property contains the hostname for the requested URL rather than the hostname for the proxy. I think that is sightly incorrect. change: on a proxied connection to: when authenticating to a proxy a proxy server ie. challenger should always be that of the server requesting authentication, but didn't work correctly for proxy authentication.

Thanks Shane, I've updated the note.

Is manual testing required on this bug? If yes, please provide some STR and the proper extension(if required) or set the “qe verify-“ flag. Thanks!