PAC script configuration question

What exactly are you seeing passed to the

url

host

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi eskimo

I have no idea to figure out how can I see the URL and host parameters, but I used the following PAC script to test.

Scenario 1:

HTTP request:

GET http://www.example.com/1.jpg HTTP/1.1

PAC script:

function FindProxyForURL(url, host) {

if(url == "http://www.example.com/1.jpg")

return "DIRECT";

else

return "PROXY 127.0.0.1:12345";

}

Result:

Our proxy server still gets the request.

Scenario 2:

HTTP request:

GET http://www.example.com/1.jpg HTTP/1.1

PAC script:

function FindProxyForURL(url, host) {

if(url == "http://www.example.com/")

return "DIRECT";

else

return "PROXY 127.0.0.1:12345";

}

Result:

Our proxy server can't get the request.

And so, I determine that the URL is not the full path, it only contains the domain.

And so, I determine that the URL is not the full path, it only contains the domain.

Indeed. I had a look at how this works internally and it definitely seems to be the case that CFNetwork goes out of its way to remove the path and everything after from the URL.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi eskimo,

why exactly this is handled that way? Shouldn't this be considered a bug? FindProxyForURL(url, host) was clearly designed to be able to determined the right proxy based on the full URL path.

why exactly this is handled that way?

I can’t give you a definitive answer to this question. My standard advice applies: if some system behaviour is causing you problems, file a bug report about that explaining the impact of the problem and what you’d like to see changed.

Thinking about this for myself, I see two obvious drawbacks to the traditional approach here:

• Privacy — The traditional approach passes the user’s full browsing history to the PAC script, which is a pretty massive extension of trust to code being loaded off the network.

• Performance — The traditional approach requires the PAC script to run for every URL, which radically reduces the efficiency of any caching scheme.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks eskimo, I get your point.

On the other hand, the fact that CFNetwork handles this differently than all other vendors is causing other problems. The PAC file now needs to be created separately for Apple devices. This also breaks compatibility in networks where WPAD protocol is used to deliver proxy settings.

I think the name of the function is a good indicator of what the call parameters should be 🙂 Anyway, thanks for the advice - filed a bug report, let's see where it goes from here.

filed a bug report

Thanks for that. What was the bug number?

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Filed under id 37609606 on 16 of Feb. Awaiting feedback 😉