/** * If we're establishing an HTTPS tunnel with CONNECT (RFC 2817 5.2), send only the minimum set * of headers. This avoids sending potentially sensitive data like HTTP cookies to the proxy * unencrypted. */ @Override protected RawHeaders getNetworkRequestHeaders() throws IOException { RequestHeaders privateHeaders = getRequestHeaders(); URL url = policy.getURL(); RawHeaders result = new RawHeaders(); result.setStatusLine( "CONNECT " + url.getHost() + ":" + URLs.getEffectivePort(url) + " HTTP/1.1"); // Always set Host and User-Agent. String host = privateHeaders.getHost(); if (host == null) { host = getOriginAddress(url); } result.set("Host", host); String userAgent = privateHeaders.getUserAgent(); if (userAgent == null) { userAgent = getDefaultUserAgent(); } result.set("User-Agent", userAgent); // Copy over the Proxy-Authorization header if it exists. String proxyAuthorization = privateHeaders.getProxyAuthorization(); if (proxyAuthorization != null) { result.set("Proxy-Authorization", proxyAuthorization); } // Always set the Proxy-Connection to Keep-Alive for the benefit of // HTTP/1.0 proxies like Squid. result.set("Proxy-Connection", "Keep-Alive"); return result; }