naiveproxy/net/http/proxy_fallback.cc
2018-12-09 21:59:24 -05:00

78 lines
2.9 KiB
C++

// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/http/proxy_fallback.h"
#include "net/base/net_errors.h"
#include "net/base/proxy_server.h"
namespace net {
NET_EXPORT bool CanFalloverToNextProxy(const ProxyServer& proxy,
int error,
int* final_error) {
*final_error = error;
if (proxy.is_quic()) {
switch (error) {
case ERR_QUIC_PROTOCOL_ERROR:
case ERR_QUIC_HANDSHAKE_FAILED:
case ERR_MSG_TOO_BIG:
return true;
}
}
// TODO(eroman): Split up these error codes across the relevant proxy types.
//
// A failure to resolve the hostname or any error related to establishing a
// TCP connection could be grounds for trying a new proxy configuration.
//
// Why do this when a hostname cannot be resolved? Some URLs only make sense
// to proxy servers. The hostname in those URLs might fail to resolve if we
// are still using a non-proxy config. We need to check if a proxy config
// now exists that corresponds to a proxy server that could load the URL.
//
// A failure while establishing a tunnel to the proxy
// (ERR_TUNNEL_CONNECTION_FAILED) is NOT considered grounds for fallback.
// Other browsers similarly don't fallback, and some client's PAC
// configurations rely on this for some degree of content blocking.
// See https://crbug.com/680837 for details.
switch (error) {
case ERR_PROXY_CONNECTION_FAILED:
case ERR_NAME_NOT_RESOLVED:
case ERR_INTERNET_DISCONNECTED:
case ERR_ADDRESS_UNREACHABLE:
case ERR_CONNECTION_CLOSED:
case ERR_CONNECTION_TIMED_OUT:
case ERR_CONNECTION_RESET:
case ERR_CONNECTION_REFUSED:
case ERR_CONNECTION_ABORTED:
case ERR_TIMED_OUT:
case ERR_SOCKS_CONNECTION_FAILED:
// ERR_PROXY_CERTIFICATE_INVALID can happen in the case of trying to talk to
// a proxy using SSL, and ending up talking to a captive portal that
// supports SSL instead.
case ERR_PROXY_CERTIFICATE_INVALID:
// ERR_SSL_PROTOCOL_ERROR can happen when trying to talk SSL to a non-SSL
// server (like a captive portal).
case ERR_SSL_PROTOCOL_ERROR:
return true;
case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
// Remap the SOCKS-specific "host unreachable" error to a more
// generic error code (this way consumers like the link doctor
// know to substitute their error page).
//
// Note that if the host resolving was done by the SOCKS5 proxy, we can't
// differentiate between a proxy-side "host not found" versus a proxy-side
// "address unreachable" error, and will report both of these failures as
// ERR_ADDRESS_UNREACHABLE.
*final_error = ERR_ADDRESS_UNREACHABLE;
return false;
}
return false;
}
} // namespace net