var
LIdHTTP : TIdHTTP;
LSSLIOHandler : TIdSSLIOHandlerSocketOpenSSL;
LRequestStr, LResult : String;
begin
LRequestStr := 'https://www.google.com';
LIdHTTP := TIdHTTP.Create(nil);
try
// Setup of TidHTTP that supposedly works with Squid SSPINTLM authentication.
LSSLIOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(LIdHTTP);
LSSLIOHandler.SSLOptions.Method := TIdSSLVersion.sslvTLSv1_2;
LIdHTTP.IOHandler := LSSLIOHandler;
LIdHTTP.HandleRedirects := True;
LIdHTTP.AllowCookies := True;
LIdHTTP.ConnectTimeout := 10000;
LIdHTTP.ReadTimeout := 10000;
LIdHTTP.Request.BasicAuthentication := True;
LIdHTTP.HTTPOptions := LIdHTTP.HTTPOptions + [hoKeepOrigProtocol] + [hoInProcessAuth] + [hoNoProtocolErrorException] + [hoWantProtocolErrorContent];
LIdHTTP.ProtocolVersion := pv1_1;
LIdHTTP.ProxyParams.ProxyServer := 'proxy';
LIdHTTP.ProxyParams.ProxyPort := 3128;
LResult := LIdHTTP.Get(LRequestStr);
CheckEquals(200, LIdHTTP.ResponseCode);
finally
LIdHTTP.Free;
end;
end;
TIdHTTP.OnSelectProxyAuthorization
event if the TIdHTTP.ProxyParams.Authentication
property is not assigned, and then the TIdHTTP.OnProxyAuthorization
event to ask for new credentials if needed. Neither of which you have assigned event handlers to. If authentication cannot be performed at all (unsupported auth scheme, no credentials provided, retry limit reached, etc), TIdHTTP should exit if hoNoProtocolErrorException
is set, otherwise it will raise an exception. If authentication can proceed, TIdHTTP will try to perform it if hoInProcessAuth
is set, otherwise it should exit and you will have to send a new request with proxy authentication added.
CONNECT
verb. And yes, it is looped, because it may take multiple HTTP requests to satisfy authentication, HTTP redirects, etc. The loop is hard-coded to "False" because the number of iterations needed is unknown. The inner body of the loop needs to decide when to exit the loop. hoNoProtocolErrorException
was never intended to be used with proxy handling. The loop in question does not look at the return value of LLocalHTTP.ProcessResponse
to break the loop if needed. A similar loop is in TIdCustomHTTP.DoRequest()
, but it does look at the return value and act accordingly. So similar logic will have to be added to TIdCustomHTTP.ConnectToHost()
when communicating with a proxy
hoNoProtocolErrorException
and hoWantProtocolErrorContent
, and then catch the raised EIdHTTPProtocolException
. The response code will be in the exception's ErrorCode
property, and any body content will be in the ErrorMessage
property.
Thanks for the response, very much appreciated. I only added hoNoProtocolErrorException
(and hoWantProtocolErrorContent
) this morning as otherwise the code below the Get()
would never run etc. and when it failed, the raised exception didn't make it particularly obvious initially what had failed where (whereas having the Check like fail would've been rather more direct) so I thought I'd rather just stop the whole exception thing and check the result code, whatever it may be.
Anyway given what you've said however I'll remove these again and make do with catching the exception instead as suggested for now.
Aside from this I'm still puzzled about the test failing now with a 407 in the first place. I'm trying to understand and reconcile your explanation with the fact that this code was working previously through this proxy, and to add which works (still) with NTLMSSP via Chrome and Firefox with no problems.
So I'm slightly puzzled regarding the auth, how this worked at all in the past then, seemingly by some fluke, since if I understand you correctly you're implying that the above code could not auth properly against an NTLM proxy due to missing event handlers/properties? Or am I misunderstanding you? (I've added IdHTTPSSPI and IdHTTPNTLM units to the above code, which was previously missing to ensure these were registered but hasn't made a difference... shouldn't the presence of these units register the necessary handlers so that hoInProcessAuth
makes Indy deal with the authentication? I'm obviously being stupid about something... sorry!)