Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Fix bug in using nonProxyHosts with CRT http/s3 clients #6511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
alextwoods merged 4 commits into master from alexwoo/crt-non-proxy-hosts
Oct 27, 2025

Conversation

@alextwoods
Copy link
Contributor

@alextwoods alextwoods commented Oct 23, 2025
edited
Loading

Fix bug in using nonProxyHosts with CRT http/s3 clients.

Fixes #6414

Motivation and Context

#4974 added the nonProxyHosts configuration to the CrtProxyConfiguration used by the CRT HTTP Client and S3 Client. However, the implementation had a bug and was checking the nonProxyHosts against the proxy host instead of against the request's endpoint.

Checking against the request's endpoint is tricky and for the S3 Client, not possible, since the endpoint is resolved per request. Rather than implementing the no proxy hosts logic in Java, this PR uses the noProxyHosts CRT configuration.

There is a difference in the format/support for no proxy hosts configuration between CRT and pure Java (apache/netty clients): the Java implementation allows arbitrary regex but does not support CIDR style ip addresses. CRT's implementation follows the format used by curl and the only wild card supported is a single "*". It also supports CIDR style ip addresses.

These differences exist today in the use of no proxy environment/system properties.

Despite this behavior difference, this PR is NOT a breaking change since the nonProxyHosts configuration was not actually being applied before.

Modifications

  • Update to latest aws-crt dependency (which includes the noProxyHosts binding)
  • Set the noProxyHosts on CRT's HttpProxyOptions, allowing it to be used by CRT.

Testing

Modified existing tests + manual testing of crt http client and s3 client.

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@alextwoods alextwoods requested a review from a team as a code owner October 23, 2025 19:41
@alextwoods alextwoods added the no-api-surface-area-change Indicate there is no API surface area change and thus API surface area review is not required label Oct 23, 2025
Copy link

Copy link
Contributor

My only concern is that if users were setting non-proxy hosts before and it had no effect, this PR would enable non-proxy-host and could bypass the proxy for some requests that weren't bypassing it previously, correct?

Copy link
Contributor Author

My only concern is that if users were setting non-proxy hosts before and it had no effect, this PR would enable non-proxy-host and could bypass the proxy for some requests that weren't bypassing it previously, correct?

Yeah - this is true and I think a fair concern, but I think I'd consider it a reasonable break fix - if a user has explicitly configured a non-proxy-host we should use it. Existing system/environment uses of nonProxyHost should remain unchanged, so its only explicit in code configurations that should now start working.

We could mitigate that risk by introducing a new configuration (nonProxyHost_butThisTimeIMeanIt) and deprecating the old one, but I think I'd argue that this is a reasonable fix of existing broken behavior.

Copy link
Contributor

My only concern is that if users were setting non-proxy hosts before and it had no effect, this PR would enable non-proxy-host and could bypass the proxy for some requests that weren't bypassing it previously, correct?

Yeah - this is true and I think a fair concern, but I think I'd consider it a reasonable break fix - if a user has explicitly configured a non-proxy-host we should use it. Existing system/environment uses of nonProxyHost should remain unchanged, so its only explicit in code configurations that should now start working.

We could mitigate that risk by introducing a new configuration (nonProxyHost_butThisTimeIMeanIt) and deprecating the old one, but I think I'd argue that this is a reasonable fix of existing broken behavior.

Yeah, I agree that if a user has explicitly configured a non-proxy-host we should use it. I'm just thinking of the situation where user would have set a non-proxy-host for a dev/local setup environment, but then inadvertently leaked that same config to their prod environment (unknowingly because it didn't take effect previously). I don't know how much of a concern that would be, it does seems unlikely.

@alextwoods alextwoods added this pull request to the merge queue Oct 27, 2025
Merged via the queue into master with commit d78d8a0 Oct 27, 2025
39 checks passed
Copy link

This pull request has been closed and the conversation has been locked. Comments on closed PRs are hard for our team to see. If you need more assistance, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 27, 2025
@alextwoods alextwoods deleted the alexwoo/crt-non-proxy-hosts branch October 27, 2025 20:54
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@L-Applin L-Applin L-Applin approved these changes

@S-Saranya1 S-Saranya1 S-Saranya1 approved these changes

Assignees

No one assigned

Labels

no-api-surface-area-change Indicate there is no API surface area change and thus API surface area review is not required

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

S3AsyncClient CRT Client does not honor S3CrtProxyConfiguration - nonProxyHosts is not being read

AltStyle によって変換されたページ (->オリジナル) /