Thread on [chroimium-dev]: https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/r8u684cY3Rc

0.
My investigation is based on commit e08dbd5 (tag 65.0.3300.0).
Unless otherwise specified, any "current", "latest", or unspecified version shall refer to this version.

1.
It's observed that Chromium currently has different behaviors when handling HTTP proxy authentication challenge for HTTP and HTTPS pages:
(Here I use proxy.crawlera.com:8010 as a sample proxy service provide, which shall give HTTP 407 status code upon unauthenticated requests)
A. When invoking this sample command `chromium --proxy-server=proxy.crawlera.com:8010 http://httpbin.org/get`, Chromium pops an "Authentication required" dialog.
B. When invoking this sample command `chromium --proxy-server=proxy.crawlera.com:8010 --ignore-certificaterrors https://httpbin.org/get`, Chromium says "This site can’t be reached" with an "ERR_UNEXPECTED_PROXY_AUTH" error.

2.
It's unexpected to me to see the outcome in example #1.B.
IMHO Chromium shall also prompt an authentication dialog.
Is there any specific reason not to prompt the authentication dialog?

3.
The ERR_UNEXPECTED_PROXY_AUTH check was introduced in commit 7a67a81536 (review URL: https://codereview.chromium.org/4575001).
That's merely an ad-hoc fix: make it ERR_UNEXPECTED_PROXY_AUTH to prevent browser crash (related bug: https://bugs.chromium.org/p/chromium/issues/detail?id=61701).

4.
The root cause of Chromium's mis-behaving on proxy authentication on tunneling (also the root cause of  bug #61701  mentioned above) is believed to have been introduced in commit 8a1f331 (review URL: https://codereview.chromium.org/2101014).
In this commit, the following change has been applied to file net/http/http_network_transaction.cc:
```
@@ -1801,12 +1877,11 @@
 }
 
 bool HttpNetworkTransaction::ShouldApplyProxyAuth() const {
-  return (!using_ssl_ && proxy_info_.is_http()) || establishing_tunnel_;
+  return !using_ssl_ && proxy_info_.is_http();
 }
```
While this commit tried to make `establishing_tunnel_` part of the state machine, it incorrectly changed behavior of `ShouldApplyProxyAuth`:
- Before the change, it returns true for both HTTP and HTTPS (tunneling) requests over an HTTP proxy.
- After the change, it returns true for only HTTP requests.
And following changes of `ShouldApplyProxyAuth` all kept this behavior.

5.
Attached is my attempt to fix the issue.
After applying the patch, my local build works as expected.
Also, it passed existing unit tests.

6.
Kindly let me know if I made any mistake. Please don't hesitate to give your valuable opinions.
If you reckon the patch is okay, can you please add it to the review queue, or let me know whether is the right place to submit patches? (I'm sorry but I don't have committer access, nor am I sure where to post the patch: I suppose it's better to first ask in chromium-dev than opening an issue directly.)
 

Deleted: fix_proxy_auth_https.patch 2.9 KB

fix_proxy_auth_https.patch 2.9 KB Download