fix: wire proxy auth credentials for local browser sessions#2208
Open
optimusbuilder wants to merge 1 commit into
Open
fix: wire proxy auth credentials for local browser sessions#2208optimusbuilder wants to merge 1 commit into
optimusbuilder wants to merge 1 commit into
Conversation
localBrowserLaunchOptions.proxy accepts username and password but only proxy.server was forwarded to Chromium. Handle proxy authentication via CDP Fetch.authRequired so authenticated proxies work without manual CDP workarounds. Co-authored-by: Cursor <cursoragent@cursor.com>
🦋 Changeset detectedLatest commit: d03ba32 The changes in this PR will be included in the next version bump. This PR includes changesets to release 3 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
Contributor
|
This PR is from an external contributor and must be approved by a stagehand team member with write access before CI can run. |
github-actions
Bot
added
external-contributor
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
No issues found across 3 files
Confidence score: 5/5
- Automated review surfaced no issues in the provided summaries.
- No files require special attention.
Architecture diagram
sequenceDiagram
participant Config as LocalBrowserLaunchOptions
participant Ctx as V3Context
participant CDP as CDPSession (Target)
participant Proxy as Auth Proxy Server
participant Browser as Chromium Browser
Note over Ctx: Constructor: Extract proxy credentials
Ctx->>Config: Read proxy config
alt Has proxy.username and proxy.password
Ctx->>Ctx: Store credentials in proxyCredentials field
else Missing credentials
Ctx->>Ctx: proxyCredentials = null (no auth flow)
end
Note over Ctx,Browser: Target Attach Flow (per session)
Ctx->>CDP: installTargetSessionListeners(session)
opt proxyCredentials exists
Ctx->>CDP: Register "Fetch.authRequired" listener
Ctx->>CDP: Register "Fetch.requestPaused" listener
Ctx->>Ctx: Queue Fetch.enable({ handleAuthRequests: true })
end
Note over Ctx: Pre-resume dispatch phase
Ctx->>Ctx: Await all queued pre-resume ops (core, headers, proxy, init, piercer)
Note over Browser,Proxy: Runtime Auth Flow
Browser->>Proxy: HTTP request (initiated by page)
Proxy-->>Browser: 407 Proxy Authentication Required
Browser->>CDP: Fetch.authRequired event
CDP->>Ctx: Fire "Fetch.authRequired" listener
Ctx->>Ctx: Extract credentials from stored proxyCredentials
Ctx->>CDP: Fetch.continueWithAuth(requestId, ProvideCredentials + username/password)
CDP->>Browser: Forward auth credentials
Browser->>Proxy: Re-request with Proxy-Authorization header
alt Auth successful
Proxy-->>Browser: 200 OK (proxy tunnel established)
Browser->>CDP: Fetch.requestPaused
CDP->>Ctx: Fire "Fetch.requestPaused" listener
Ctx->>CDP: Fetch.continueRequest(requestId)
CDP-->>Browser: Resume paused request
else Auth failed
Proxy-->>Browser: 407 or 403 (invalid credentials)
Browser->>CDP: Fetch.authRequired again
Ctx->>CDP: Retry with same credentials (no retry limit)
alt Repeated failure
Proxy-->>Browser: Connection refused
Browser-->>Ctx: Request fails (no alternative flow)
end
end
Note over Ctx: Edge case: target detach during auth
Note over Ctx: catch(() => {}) on CDP sends silently handles detached sessions
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
why
localBrowserLaunchOptions.proxy accepts username and password in the schema, but only proxy.server was forwarded to Chromium. Authenticated proxies failed silently because credentials were never used.
what changed
test plan
Summary by cubic
Fixes authenticated proxy support for local Chrome sessions by wiring
proxy.usernameandproxy.passwordfromlocalBrowserLaunchOptionsand handling CDPFetch.authRequired. Auth-required proxies now work without manual workarounds.localBrowserLaunchOptions.proxy.FetchwithhandleAuthRequestsand answerauthRequiredwith stored creds.Fetch.continueRequest.Written for commit d03ba32. Summary will update on new commits.