From: Fabian Keil Date: Thu, 7 Jan 2021 13:41:17 +0000 (+0100) Subject: change_request_destination(): Reject rewrites from http to https X-Git-Tag: v_3_0_30~141 X-Git-Url: http://www.privoxy.org/gitweb/%3C/static/%22https:/@protocol@@hostport@@path@?a=commitdiff_plain;h=c0def7e7a0e43f3a907e96391937817e8912d230;p=privoxy.git change_request_destination(): Reject rewrites from http to https ... as they currently aren't supported. Previously we would wait for the client to establish an encrypted connection which obviously would not happen. --- diff --git a/jcc.c b/jcc.c index a5e561f5..4b85fe70 100644 --- a/jcc.c +++ b/jcc.c @@ -1044,6 +1044,16 @@ static jb_err change_request_destination(struct client_state *csp) log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.", jb_err_to_string(err)); } + if (http->ssl && strcmpic(csp->http->gpc, "CONNECT")) + { + /* + * A client header filter changed the request URL from + * http:// to https:// which we currently don't support. + */ + log_error(LOG_LEVEL_ERROR, "Changing the request destination from http " + "to https behind the client's back currently isn't supported."); + return JB_ERR_PARSE; + } return err; }