Login/Register
How to correctly respond to HTTP CONNECT in Google Chrome
Asked Answered
google-chromehttpsproxy-server
E

1

6

I am building a Proxy server, upon receiving a HTTP CONNECT request I establish a connection to the destination server and if successful return

HTTP/1.1 200 Connection established
<<empty line>>

In Firefox this results in the opening of a tunnel and data being exchanged, loading and eventually delivered/rendered in the browser

In Google Chrome, I immediately just see:

ERR_TUNNEL_CONNECTION_FAILED

As the server appears to be working fine for Firefox but not for Chrome I can only assume that Chrome expects a different response back. Does anyone know what I am doing wrong here?

EDIT:

I found this chromium issue here which describes the same symptoms - user gets ERR_TUNNEL_CONNECTION_FAILED. I enabled the --log-net-log command line parameter and can see in the log that the ERR_TUNNEL_CONNECTION_FAILED error occurs directly after receiving my 200 Connection established proxy response.

Higher up between the request and the response I see a -109 error which corresponds to ADDRESS_UNREACHABLE.

I have included an extract below of what I think the relevant parts of the net-log are:

{"params":{"headers":["Host: mail.google.com","Proxy-Connection: keep-alive","User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"],"line":"CONNECT mail.google.com:443 HTTP/1.1\r\n"},"phase":0,"source":{"id":822,"type":5},"time":"331488980","type":125},
{"params":{"headers":["Host: mail.google.com","Proxy-Connection: keep-alive","User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36"],"line":"CONNECT mail.google.com:443 HTTP/1.1\r\n"},"phase":0,"source":{"id":822,"type":5},"time":"331488980","type":129},
{"params":{"byte_count":227},"phase":0,"source":{"id":822,"type":5},"time":"331488980","type":61},
{"phase":2,"source":{"id":822,"type":5},"time":"331488981","type":124},
{"phase":1,"source":{"id":822,"type":5},"time":"331488981","type":126},
{"phase":1,"source":{"id":822,"type":5},"time":"331488981","type":207},
{"params":{"address_family":0,"allow_cached_response":true,"host":"mail.google.com:0","is_speculative":false,"source_dependency":{"id":0,"type":0}},"phase":1,"source":{"id":823,"type":8},"time":"331489008","type":4},
{"params":{"source_dependency":{"id":823,"type":8}},"phase":1,"source":{"id":824,"type":21},"time":"331489008","type":299},
{"params":{"source_dependency":{"id":824,"type":21}},"phase":1,"source":{"id":825,"type":14},"time":"331489008","type":34},
{"params":{"address":"[2001:4860:4860::8888]:53"},"phase":1,"source":{"id":825,"type":14},"time":"331489008","type":70},
{"params":{"net_error":-109},"phase":2,"source":{"id":825,"type":14},"time":"331489008","type":70},
{"phase":2,"source":{"id":825,"type":14},"time":"331489008","type":34},
{"phase":2,"source":{"id":824,"type":21},"time":"331489008","type":299},
{"phase":0,"source":{"id":823,"type":8},"time":"331489008","type":6},
{"phase":2,"source":{"id":823,"type":8},"time":"331489008","type":4},
{"params":{"byte_count":74},"phase":0,"source":{"id":822,"type":5},"time":"331489052","type":63},
{"phase":2,"source":{"id":822,"type":5},"time":"331489052","type":207},
{"params":{"headers":["HTTP/1.1 200 Connection established"]},"phase":0,"source":{"id":822,"type":5},"time":"331489052","type":127},
{"params":{"net_error":-111},"phase":2,"source":{"id":822,"type":5},"time":"331489052","type":126},

If you need to see more of the log I have posted the whole log here

Eyeless answered 9/7, 2014 at 14:24 Comment(1)
Not exactly but I started to re-work my solution which led me to ask this question which got me where I needed to go. Maybe it will help you too? #25189095Eyeless
G
0

A little late, but just run into this issue myself. What happened in my case is that I was sending an extra byte in the CONNECT response. Found this by enabling NetLog (in Everything capture mode) in Chrome:

--> bytes =
  48 54 54 50 2F 31 2E 31  20 32 30 30 20 43 6F 6E   HTTP/1.1 200 Con
  6E 65 63 74 69 6F 6E 20  65 73 74 61 62 6C 69 73   nection establis
  68 65 64 0D 0A 0D 0A 00                            hed....

See the trailing 00. Chrome (and curl) seems to be more strict than Firefox or Safari in that the whole buffer you send it needs to be a well formed HTTP response.

I suggest you capture a full NetLog dump and look at the bytes that Chrome is receiving.

Gastrolith answered 10/1, 2020 at 14:59 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.