Installs occasionally have complex HTTP environments that require specialized proxying rules and SSL trust behaviors. Probably? At least one install does.
We can reasonably offer a PhutilHTTPEngineExtension to support these behaviors. Two useful callbacks would be:
- getProxyURIForURI($uri, ...) - Allows the extension to select an HTTP proxy to use to connect to a given URI.
- shouldBlindlyTrustDomain($uri, ...) - Allows the extension to disable certificate validation for a given URI.
There are likely a handful of other behaviors which could live here eventually (we very occasionally see issues with timeout behavior, for example) and this could clean up the messy https.blindly-trust-domains implementation at least somewhat.
Original Report
In some setups egress traffic from the hosts that run phabricator is not allowed. Instead access must be done via a, possibly authenticated, SOCKS or HTTP proxy. It would be nice if phabricator supported configuration variables that allowed it to access remote URLs (such as when creating a macro or importing a git repo) via a proxy.