On Tue, 11 Nov 2025 11:31:22 GMT, EunHyunsu <[email protected]> wrote:
> ### Summary > This patch addresses the issue where `HttpResponse.body()` returns `null` > for 407 responses when using HTTPS through a proxy, while HTTP requests > correctly return the response body. > > ### Problem > When an HTTPS request receives a 407 Proxy Authentication Required > response, the response body is discarded during CONNECT tunnel establishment. > This is inconsistent with HTTP behavior where the body is properly returned. > > **Root cause:** > - HTTPS uses `MultiExchange<Void>` for CONNECT requests > - The body is explicitly ignored via `ignoreBody()` on 407 responses > - No mechanism exists to preserve the body for later retrieval > > ### Proposed Solution > I propose the following changes to preserve and return the 407 response > body: > > 1. **PlainTunnelingConnection.java**: Change `MultiExchange<Void>` to > `MultiExchange<byte[]>` and read the body on 407 responses instead of > ignoring it > > 2. **ProxyAuthenticationRequired.java**: Add `proxyResponseBody` field to > carry the body bytes through the exception > > 3. **Exchange.java**: Cache both the proxy response and body, then return > them when the application calls `body()` > > ### Testing > Added comprehensive test (`ProxyAuthHttpTest.java`) covering: > - Basic HTTP and HTTPS 407 responses > - Multiple `BodyHandler` types: `ofString()`, `ofByteArray()`, > `ofInputStream()`, `ofLines()` > - Response headers validation > > **Test results**: 38/38 passed > > ### Notes > - This change only affects 407 responses; all other flows remain unchanged > - The cached body is cleared after first use to prevent reuse > - No changes to public APIs; internal implementation only > > I'd appreciate any feedback on this approach. If there's a better way to > handle this, I'm happy to revise. Gentle ping — just checking if anyone could take a look when time permits. Thank you! ------------- PR Comment: https://git.openjdk.org/jdk/pull/28232#issuecomment-3528218442
