From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 7 Jan 2021 13:41:17 +0000 (+0100)
Subject: change_request_destination(): Reject rewrites from http to https
X-Git-Tag: v_3_0_30~141
X-Git-Url: http://www.privoxy.org/gitweb/@default-cgi@/faq/@default-cgi@toggle?a=commitdiff_plain;h=c0def7e7a0e43f3a907e96391937817e8912d230;p=privoxy.git

change_request_destination(): Reject rewrites from http to https

... as they currently aren't supported.

Previously we would wait for the client to establish
an encrypted connection which obviously would not happen.
---

diff --git a/jcc.c b/jcc.c
index a5e561f5..4b85fe70 100644
--- a/jcc.c
+++ b/jcc.c
@@ -1044,6 +1044,16 @@ static jb_err change_request_destination(struct client_state *csp)
       log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.",
          jb_err_to_string(err));
    }
+   if (http->ssl && strcmpic(csp->http->gpc, "CONNECT"))
+   {
+      /*
+       * A client header filter changed the request URL from
+       * http:// to https:// which we currently don't support.
+       */
+      log_error(LOG_LEVEL_ERROR, "Changing the request destination from http "
+         "to https behind the client's back currently isn't supported.");
+      return JB_ERR_PARSE;
+   }
 
    return err;
 }
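Review bot: The new guard `if (http->ssl && strcmpic(csp->http->gpc, "CONNECT"))` still runs when the re-parse just above it has failed, because the visible error branch only logs and falls through. It then reads `ssl` and `gpc` from a request structure whose state after a failed parse is not established by anything in this hunk. Gating the check on the parse result keeps the original error code and avoids acting on partial data: `if (err == JB_ERR_OK && http->ssl && strcmpic(http->gpc, "CONNECT") != 0)`. The condition also mixes `http->ssl` with `csp->http->gpc`; presumably `http` is a local alias for `csp->http`, in which case one spelling should be used for both. The function starts outside the hunk, so the declaration of `http` and the parse call itself are not visible here.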