axios
Proxy support does not work properly with CONNECT on https requests
Describe the bug
Using Axios 0.26.1 behind a corporate HTTP tunneling proxy to an HTTPS destination, once the proxy connection is made, a POST method is issued, rather than a CONNECT to establish the TLS tunnel to the destination host where the POST should be sent. Result is Error: socket hang up, as the proxy expects a CONNECT to be issued and drops the connection
Specifically, using wireshark to monitor the activity of the script goes as follow:
TCP SYN < TCP SYN, ACK TCP ACK HTTP POST < TCP FIN, ACK TCP ACK
If you use curl with the same environment, the packets are as follows:
TCP SYN < TCP SYN, ACK TCP ACK HTTP CONNECT < HTTP Connection established TCP ACK TLS Client Hello < TLS Server Hello ... encrypted POST and response follows
To Reproduce
export http_proxy="http://user:[email protected]:80"
export https_proxy="http://user:[email protected]:80"
http.post('https://api.github.com/user/repos', {});
Expected behavior
When connecting to an HTTPS server through a tunneling HTTP proxy, the CONNECT method should be used to establish the TLS handshake before issuing the POST
Environment
- Axios Version 0.26.1
- Adapter HTTP
- Node.js Version 14.8.0
- OS: Windows 10 (10.0.19042.1526)
FWIW, https://github.com/thib3113/axios-proxy-tunnel/blob/master/src/axios-proxy-tunnel.ts is an example that works with an older version of axios, doing a modification of axiosProxyTunnel is a usable workaround
I've also faced this issue. It seems hpagent package help to fix this issue.
Here is example of usage:
const axios = require('axios');
const { HttpProxyAgent, HttpsProxyAgent } = require('hpagent')
const httpAgent = new HttpProxyAgent({
proxy: 'proxy url'
})
const httpsAgent = new HttpsProxyAgent({
proxy: 'proxy url'
})
const instance = axios.create({ httpAgent, httpsAgent });
instance.post('http://example.com')
Why is the "possible bug" label removed? Clearly the automatic proxy configuration is incorrect. If the protocol is HTTPS and the HTTPS_PROXY environment variable set, the client should use the tunnel protocol by sending a CONNECT request, wait to get a 200 OK back and then send the original request on the same connection.
Is there an update for this issue? which axios version should we use to workaround?
Is there an update for this issue? which axios version should we use to workaround?
This worked for me:
I've also faced this issue. It seems hpagent package help to fix this issue.
Here is example of usage:
const axios = require('axios'); const { HttpProxyAgent, HttpsProxyAgent } = require('hpagent') const httpAgent = new HttpProxyAgent({ proxy: 'proxy url' }) const httpsAgent = new HttpsProxyAgent({ proxy: 'proxy url' }) const instance = axios.create({ httpAgent, httpsAgent }); instance.post('http://example.com')
If anyone is interested in trying out HTTPS-over-HTTP support in Axios, feel free to check https://github.com/axios/axios/pull/5037. The implementation has some limitations (no redirects) but maybe it still fits your use cases. Would love to hear back from you!
Edit: Not directly related to this issue, but please note that there is currently (as of 1.1.2) some trouble around a breaking change in the proxy configuration: https://github.com/axios/axios/issues/5079
I've also faced this issue. It seems hpagent package help to fix this issue.
Here is example of usage:
const axios = require('axios'); const { HttpProxyAgent, HttpsProxyAgent } = require('hpagent') const httpAgent = new HttpProxyAgent({ proxy: 'proxy url' }) const httpsAgent = new HttpsProxyAgent({ proxy: 'proxy url' }) const instance = axios.create({ httpAgent, httpsAgent }); instance.post('http://example.com')
that didn't work with me, got 407 from proxy, although no proxy auth required, however, using a different library other than axios, the equivalent code returned 200 without providing any proxy credentials don't know what is the reason for axios/hpagent to make proxy return 407
Can we just use proxy-agent to fix this ?
With this module we could have all proxy features enabled automatically.
I was having the same problem, and now everything works when i replace the agent.
proxy: false is needed, otherwise axios is trying to overwrite the agent.
const axios = require("axios").default;
const { ProxyAgent } = require("proxy-agent");
async function call() {
const url = "https://api64.ipify.org?format=json";
const agent = new ProxyAgent();
const res = await axios.get(url, { httpAgent:agent, httpsAgent:agent, proxy: false });
console.log(res.data);
}
call();
HTTPS_PROXY=http://proxy:3128 node example.js
Yes, you can pass in a working agent implementation yourself. The problem is that Axios currently has a built-in implementation that is broken, so if you have the HTTPS_PROXY environment variable set it will fail by default.
Yes @Nevon, but i think axios could use proxy-agent internally. There is no need to have a built-in implementation of this.
Even if the proxy is not very difficult to understand, there is a lot of little details that can lead to multiple kind of bugs.
Is there any progress on this issue?
- Axios not properly supporting https requests over a proxy prevents many depending products from working properly.
- In my case, I can not upgrade to a recent release of n8n because they dropped the alternative library on the step to 1.x.
Please fix this as this plays a central role in corporate environments.
