Skip to content

feat(Net): HTTPS proxy support#5249

Open
matejk wants to merge 16 commits intomainfrom
3691_https-proxy-support-2
Open

feat(Net): HTTPS proxy support#5249
matejk wants to merge 16 commits intomainfrom
3691_https-proxy-support-2

Conversation

@matejk
Copy link
Copy Markdown
Contributor

@matejk matejk commented Mar 15, 2026
edited
Loading

Summary

Closes #3035. Replaces #3691.

Rebased and cleaned-up implementation of HTTPS proxy support, originally based on work from #3040 (#3035).

  • Added possibility to connect to HTTPS proxy
  • Not all proxies support CONNECT requests, so it's possible to send a request directly to HTTPS proxy without CONNECT requests. This behavior is controlled by the proxy tunnel option which is true by default for backward-compatibility
  • In the case of HTTP endpoint and HTTP proxy, there is no tunneling despite the tunnel option being true by default. This was done also for backward-compatibility
  • Includes fix from Do not add default port for requests via proxy (fixes GCS via proxy tunnel usage) ClickHouse/poco#63
  • Do not add default port for requests via proxy (fixes GCS via proxy tunnel usage)
  • Extracted ProxyConfig to a separate class for cleaner API
  • Removed shared_ptr usage in proxy configuration
  • These changes are battle-tested in the ClickHouse project

Changes

  • Net/include/Poco/Net/ProxyConfig.h — new ProxyConfig class extracted from HTTPClientSession
  • Net/include/Poco/Net/HTTPClientSession.h — refactored to use ProxyConfig
  • Net/include/Poco/Net/HTTPSessionFactory.h — updated proxy config API
  • Net/include/Poco/Net/HTTPSessionInstantiator.h — updated proxy config API
  • Net/src/HTTPClientSession.cpp — HTTPS proxy connection logic
  • Net/src/HTTPSessionFactory.cpp — updated to use ProxyConfig
  • Net/src/HTTPSessionInstantiator.cpp — updated to use ProxyConfig
  • NetSSL_OpenSSL/src/HTTPSClientSession.cpp — HTTPS proxy tunnel support
  • Net/testsuite/src/HTTPClientSessionTest.cpp — test updates

@matejk matejk added this to the Release 1.16.0 milestone Mar 15, 2026
@matejk matejk mentioned this pull request Mar 15, 2026
Closed
@matejk matejk requested review from aleks-f and obiltschnig March 15, 2026 20:16
Jokser and others added 14 commits March 26, 2026 14:17
@Jokser @matejk
HTTPS Proxy support
7f8ceb2
@Jokser @matejk
HTTPS Proxy support
5d05c47
@azat @matejk
Do not add default port for requests via proxy (fixes GCS via proxy t…
53dc82a 
…unnel usage)

GCS server does not handle requests with port, and simply report an
error:

    <?xml version="1.0"?>
    <?xml version='1.0' encoding='UTF-8'?>
    <Error>
        <Code>InvalidURI</Code>
        <Message>Couldn't parse the specified URI.</Message>
        <Details>Invalid URL: storage.googleapis.com:443/...</Details>
    </Error>

Removing the port fixes the issue. Note that there is port in the Host
header anyway.

Note, this is a problem only for proxy in a tunnel mode, since only it
sends such requests, other sends requests directly via HTTP methods.
@Jokser @matejk
Formatting
43eacae
@Jokser @matejk
Formatting
089be25
@Jokser @matejk
Formatting
be74202
@Jokser @matejk
Get rid of shared_ptr
188ea05
@Jokser @matejk
Extract ProxyConfig to separate class
f58ee24
@Jokser @matejk
Formatting
61d4267
@Jokser @matejk
Formatting
a79dc6a
@Jokser @matejk
Test fix
9cb1b40
@Jokser @matejk
Test fix
4dea013
@matejk
fix(Net): correct indentation and formatting in HTTPS proxy support
2e3d00c 
Replace space indentation with tabs to match project conventions.
Fix copy-paste error in setProxyProtocol() error message.
Update copyright year in ProxyConfig.h.
@matejk
fix(Net): address review findings in HTTPS proxy support
4d6920f 
- Fix missing _proxySessionFactory registration in (host, port, ProxyConfig)
  constructor causing UnknownURISchemeException at connection time
- Fix HTTPSClientSession::proxyRequestPrefix() regression: return empty
  string in tunnel mode to avoid corrupting request URIs
- Fix empty proxyAuthenticate() override silently dropping credentials
  in non-tunnel HTTPS proxy mode
- Add protocol validation and connected-state check to setProxyConfig()
  and setGlobalProxyConfig()
- Wrap destructor unregisterProtocol() in try/catch to prevent
  std::terminate
- Include HTTP status code in proxyConnect() error message
- Use InvalidArgumentException instead of IllegalStateException for
  protocol validation
- Extract factory registration into initProxySessionFactory() helpers
  to prevent future missed-constructor bugs
- Modernize ProxyAuthentication to enum class with None/Basic/Digest/NTLM
- Use default member initializers in ProxyConfig (enables C++20
  designated initializers)
- Add [[nodiscard]] to key getters, modernize copy deletion to = delete
- Add 10 new unit tests covering ProxyConfig defaults, protocol
  validation, setters, request prefix, non-tunnel mode, global config,
  and bypass behavior
- Update HTTPTestServer to handle proxy requests without default port
- Fix copyright year and doc-comment style
@matejk matejk force-pushed the 3691_https-proxy-support-2 branch from b6c77b7 to 4d6920f Compare March 26, 2026 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aleks-f aleks-f Awaiting requested review from aleks-f

@obiltschnig obiltschnig Awaiting requested review from obiltschnig

Assignees

No one assigned

Labels

enhancement feature

Projects

None yet

Milestone

Release 1.16.0

Development

Successfully merging this pull request may close these issues.

HTTPS proxy support

3 participants

@matejk @Jokser @azat