Specify secure web proxy with a password

[liulk]

We would like to be able to specify a secure proxy, i.e. connection between browser and the proxy itself is secured by TLS. The proxy also needs to authenticate the browser with a password.

On Unix, this is possible by setting the following environment variables, depending on the destination's schema.

export http_proxy=https://user:pass@proxy.example.com:port  # for http destinations.
export https_proxy=https://user:pass@proxy.example.com:port  # for https destinations.

Some browsers allow PAC to specify the HTTPS proxy type to make use of the secure proxy, but PAC does not allow specifying passwords.

Currently, the W3C WebDriver recommendation only allows specifying httpProxy for http destinations and sslProxy for https destinations. It expects the proxy to speak plain HTTP without a password.

[whimboo]

This is just a wording issue. We surely have authentication in place for level 1. Please see the first paragraph below the table:

https://w3c.github.io/webdriver/webdriver-spec.html#proxy

A host and optional port for a scheme is defined as being a valid host, optionally followed by a colon and a valid port. The host may include credentials.

If that is not that clear it would need to be updated.

[liulk]

The clarification would be helpful. Normally people don't expect "host" to include credentials. The user:pass@host:port part in an URL is called the authority part with distinct credential, host, and port subsections.

But that's only half of the problem. The other half of the problem is that we're unable to specify that the browser should itself speak TLS to the proxy.

My suggestion is to explicitly allow the following form:

[schema://][user:pass@]host[:port]

liulk

ps. By the way, I don't believe that HTTP proxies have a well-known port. Port 3128 is a popular choice for Squid but it's not officially assigned, and port 8080 is another popular alternative port but not necessarily for proxy use. Therefore, leaving the port optional certainly won't have the intended result.