fix: handle proxy authentication via CDP Fetch.authRequired#1000
Merged
Conversation
Chrome's --proxy-server flag does not support credentials embedded in the URL. When a proxy requires authentication, Chrome receives a 407 from the proxy but has no way to respond with credentials, resulting in net::ERR_INVALID_AUTH_CREDENTIALS. Fix by: 1. Parsing credentials from the proxy URL (already done by parse_proxy) 2. Storing them in DaemonState.proxy_credentials 3. Enabling Fetch.enable with handleAuthRequests: true 4. Responding to Fetch.authRequired events with Fetch.continueWithAuth 5. Passing only the server URL (without credentials) to --proxy-server 6. Forwarding credentials to the daemon via dedicated env vars Also adds fallback to standard proxy env vars (HTTP_PROXY, HTTPS_PROXY, ALL_PROXY, NO_PROXY) when AGENT_BROWSER_PROXY is not set. Fixes #990
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…nd username-only auth
- Replace serde_json::Value return from parse_proxy with a typed ParsedProxy struct
- Fix double Fetch.enable call when both proxy auth and domain filter are active
(the second call could overwrite handleAuthRequests from the first)
- Allow username-only proxy auth (some proxies don't require a password)
- Handle empty username/password in parse_proxy as None instead of Some("")
- Use install_domain_filter_fetch in auto_launch for consistency
- Update unit tests to use typed struct fields
![vercel[bot]](https://avatars.githubusercontent.com/in/8329?s=60&v=4){kind=small}
This was referenced Mar 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #990 —
net::ERR_INVALID_AUTH_CREDENTIALSwhen using an authenticated proxy.--proxy-serverflag doesn't support credentials in the URL. When a proxy returns 407, Chrome had no way to respond with credentials.Fetch.authRequiredevents viaFetch.continueWithAuth.HTTP_PROXY,HTTPS_PROXY,ALL_PROXY,NO_PROXY) are now recognized as fallbacks whenAGENT_BROWSER_PROXYis not set.Changes
HTTP_PROXY/HTTPS_PROXY/ALL_PROXY/NO_PROXYenv varsproxy_username/proxy_passwordfields toLaunchOptionsDaemonState, handleFetch.authRequiredevents in the background fetch handler, enablehandleAuthRequestson allFetch.enablecalls when proxy auth is activehandleAuthRequestsflag through domain filter setupAGENT_BROWSER_PROXY_USERNAME/AGENT_BROWSER_PROXY_PASSWORDenv vars--helpTest plan
cargo fmt -- --checkpassescargo clippypasses (no warnings)cargo test— 527 passed (2 pre-existing env-dependent failures)ERR_INVALID_AUTH_CREDENTIALSwith pre-fix binary using local authenticated proxyHTTP_PROXYenv var is now recognizedERR_TOO_MANY_RETRIES)--proxy direct://bypass still works