Username and password are not decoded if retrieved from env
If someone sets an env variable defining a http_proxy (ENV['http_proxy']), containing a
username / password with percent-encoded characters, then the resulting
base64 encoded auth header will be wrong.
For example, suppose a username is
Y\X and the password is
Properly URL encoded the proxy url would be:
The resulting proxy auth header should be:
WVxYOlIlU10gP1g=, but the
getters defined by ruby StdLib
URI return a username
R%25S%5D%20%3FX, resulting in
As a result the proxy will deny the request.
Please note that this is my first contribution to the ruby ecosystem, to
standard lib especially and I am not a ruby developer. I don't
understand ruby's encoding system and the code is not properly
ruby-esque. Sorry for that and a happy and healthy 2021!
The description above is taken from: https://github.com/ruby/net-http/pull/5
Updated by nagachika (Tomoyuki Chikanaga) 9 days ago
- Backport changed from 2.5: UNKNOWN, 2.6: UNKNOWN, 2.7: UNKNOWN, 3.0: UNKNOWN to 2.6: REQUIRED, 2.7: REQUIRED, 3.0: REQUIRED
- Status changed from Open to Closed
fixed at 842f00f45212019a3b07f8d8dac269d35beb9efa