curl-library
Re: [PATCH] CURLOPT_PROXYHEADER: send/replace proxy headers only
Date: Thu, 6 Feb 2014 10:25:37 -0600
On Tue, Feb 4, 2014 at 5:12 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
> Assume your app wants to add a Proxy-authorization: header. In which list do
> you put it? CURLOPT_PROXYHEADER for CONNECT (https) and CURLOPT_HTTPHEADER
> for http? It doesn't make sense to me.
> If we instead say CURLOPT_PROXYHEADER is right for both requests, then
> suddenly CURLOPT_PROXYHEADER is not only for CONNECT requests and we need to
> make sure that we properly clarifies and documents exactly when it is used
> and when not...
Well, in addition to CURLHEADER_UNIFIED and CURLHEADER_SEPARATE we
could have CURLHEADER_MERGED and perhaps
CURLHEADER_SEPARATE_FOR_CONNECT_AND_MERGED_OTHERWISE, but that feels
to me like a rampant overdesign. In my opinion, if someone manually
sets proxy headers separate from headers intended for the end-server,
then this use case is advanced enough that we can assume that the user
had read the manual. It is also quite a specific use case, and it is
not likely that someone who needs encryption will casually switch
between http and https. In other words, I think the documentation will
be enough to alleviate the potential of confusion in this case. On the
other hand (as I wrote earlier), I am worried about a user who starts
with a direct https request, and then adds a proxy option. Here the
danger of missing the information about CURLHEADER_SEPARATE and
CURLOPT_PROXYHEADER is quite real, and that's why I am suggesting a
warning.
Thanks
Maciej
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-02-06