http_proxy: Add the allowlisting proxy server#59223
Draft
rtfeldman wants to merge 1 commit into
Draft
Conversation
cla-bot
Bot
added
the
cla-signed
zed-community-bot
Bot
added
the
staff
Final piece of the crate: the in-process HTTP/HTTPS proxy server that enforces an `Allowlist`. It speaks HTTP CONNECT for HTTPS tunnels and forward proxying for plain HTTP, vets resolved addresses against loopback/private/link-local ranges to prevent DNS-rebinding past the sandbox, pins each connection to the destination approved for its first request (so later keep-alive requests can't escape the policy decision), optionally chains through the `UpstreamProxy`, and bounds header sizes, connection counts, and connect/handshake waits since its sole client is untrusted model-driven code running inside the editor process. Includes end-to-end tests covering allowed/denied CONNECT and HTTP forward, IP-literal handling, DNS-rebinding denial, and upstream chaining. Still has no callers; wired into the agent terminal sandbox in later PRs. Release Notes: - N/A
rtfeldman
force-pushed
the
http-proxy-upstream
branch
from
bf56eeb to
ab50118
Compare
rtfeldman
force-pushed
the
http-proxy-server
branch
from
1b41511 to
605e8ef
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Third of the
http_proxystack. Stacked on #59217 and the upstream-config PR — review/merge those first.Adds the in-process HTTP/HTTPS proxy server that enforces an
Allowlist. It speaks HTTP CONNECT for HTTPS tunnels and forward proxying for plain HTTP, vets resolved addresses against loopback/private/link-local ranges to prevent DNS-rebinding past the sandbox, pins each connection to the destination approved for its first request (so later keep-alive requests can't escape the policy decision), optionally chains through the upstream proxy, and bounds header sizes, connection counts, and connect/handshake waits since its sole client is untrusted model-driven code running inside the editor process. Includes end-to-end tests covering allowed/denied CONNECT and HTTP forward, IP-literal handling, DNS-rebinding denial, and upstream chaining.Still has no callers; wired into the agent terminal sandbox in the remaining PRs of the stack.
Release Notes: