/**
* If we're establishing an HTTPS tunnel with CONNECT (RFC 2817 5.2), send only the minimum set
* of headers. This avoids sending potentially sensitive data like HTTP cookies to the proxy
* unencrypted.
*/
@Override
protected RawHeaders getNetworkRequestHeaders() throws IOException {
RequestHeaders privateHeaders = getRequestHeaders();
URL url = policy.getURL();
RawHeaders result = new RawHeaders();
result.setStatusLine(
"CONNECT " + url.getHost() + ":" + URLs.getEffectivePort(url) + " HTTP/1.1");
// Always set Host and User-Agent.
String host = privateHeaders.getHost();
if (host == null) {
host = getOriginAddress(url);
}
result.set("Host", host);
String userAgent = privateHeaders.getUserAgent();
if (userAgent == null) {
userAgent = getDefaultUserAgent();
}
result.set("User-Agent", userAgent);
// Copy over the Proxy-Authorization header if it exists.
String proxyAuthorization = privateHeaders.getProxyAuthorization();
if (proxyAuthorization != null) {
result.set("Proxy-Authorization", proxyAuthorization);
}
// Always set the Proxy-Connection to Keep-Alive for the benefit of
// HTTP/1.0 proxies like Squid.
result.set("Proxy-Connection", "Keep-Alive");
return result;
}
