Firefox meek-http-helper leaks Host header in CONNECT requests
|Reported by:||dcf||Owned by:||dcf|
#12120 enabled the browser extension helper to use an upstream HTTP or SOCKS proxy. I'm watching the requests that go to the proxy, and Firefox is leaking the Host header in the proxy request:
CONNECT www.google.com:443 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0 Proxy-Connection: keep-alive Connection: keep-alive Host: meek-reflect.appspot.com
The Host: meek-reflect.appspot.com is not supposed to be visible on the wire. It's encrypted inside of HTTPS. But Firefox leaks it when configured to use an HTTP proxy.
The Host header must be getting special treatment, because the extension also sets X-Session-ID, and that's not showing up in the proxy request.
We have to turn off the HTTP proxy feature if we can't find a way to prevent the Host from leaking.