documentation: improve proxy documentation #8840
Codecov Report
✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##           master    #8840      +/-   ##
==========================================
- Coverage   83.31%   83.20%   -0.11%
==========================================
  Files         414      414
  Lines       32753    32727      -26
==========================================
- Hits        27288    27231      -57
- Misses       4064     4077      +13
- Partials     1401     1419      +18
Documentation/proxy.md
Outdated
| request](https://github.com/grpc/grpc/issues/35372) for it and might support it | ||
| in future. | ||
|
|
||
| Not using https to connect to HTTP CONNECT proxy does not compromise security. |
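Review bot: The added sentence "Not using https to connect to HTTP CONNECT proxy does not compromise security." is broader than the rest of this file supports. The NOTE in the same document describes the CONNECT handshake as plaintext, so the destination address in the CONNECT request is readable on the client-to-proxy hop, and the payload is protected only when the tunnelled connection itself uses TLS. Suggest scoping the sentence to what is actually protected, for example that the gRPC payload stays confidential when the channel uses TLS credentials.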
Did you mean to say http here instead of https?
I think it should be https only, because we want to explain why talking to proxy without https is not a security issue.
You are right. I read it again, and it makes sense.
Documentation/proxy.md
Outdated
| a plaintext CONNECT handshake to establish a tunnel and does not support the | ||
| additional encryption required to secure the initial connection to the proxy | ||
| itself. We have an open [feature | ||
| request](https://github.com/grpc/grpc/issues/35372) for it and might support it |
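Review bot: The sentence ending "secure the initial connection to the proxy itself" says what is unsupported but not what a user will observe. Please state what happens when the configured proxy URL has an https scheme (rejected with an error, or used as a plaintext proxy anyway), since a hard failure and a silent fallback call for different operator action.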
There is little chance of this feature request being implemented. But if by some miracle, it does get implemented, there is little chance of this documentation being updated at that point. I would suggest leaving this out.
Documentation/proxy.md
Outdated
| The gRPC traffic is encrypted end-to-end between the client and the destination | ||
| server. The HTTP CONNECT proxy only sees the destination address and cannot |
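Review bot: "The gRPC traffic is encrypted end-to-end between the client and the destination server." is stated unconditionally, but it holds only when the channel is configured with TLS, which the PR description itself limits it to ("in case of TLS"). Suggest opening the sentence with that condition and saying explicitly that with a plaintext channel the proxy can read the traffic, not only the destination address.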
This isn't actually true with a plaintext connection, so we should be a little careful about what we're telling our users when it comes to security.
Documentation/proxy.md
Outdated
| specified by the environment variables `HTTPS_PROXY` and `NO_PROXY`. (Note that | ||
| these environment variables are case insensitive.) | ||
|
|
||
| **NOTE**: Talking to CONNECT proxies using https is not supported. gRPC performs |
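Review bot: This NOTE comes directly after the sentence naming `HTTPS_PROXY`, so a reader can take "using https" and the variable name to mean the same thing. Suggest adding a clause that the `HTTPS_PROXY` variable only selects which proxy is used and does not make the client-to-proxy connection https.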
Nit: we might want to avoid anthropomorphizing words/phrases like "talking". Instead maybe "Using CONNECT proxies via https is not supported."?
Documentation/proxy.md
Outdated
| request](https://github.com/grpc/grpc/issues/35372) for it and might support it | ||
| in future. | ||
|
|
||
| Not using https to talk to CONNECT proxy does not compromise security. |
Same nit re: "talk". And grammar nit: "to CONNECT proxies" or "to a CONNECT proxy".
Fixes: #8618

This PR improves the documentation for HTTP CONNECT proxy in `proxy.md` and clearly states that the connection from client to proxy through https is not supported, and also mentions that in case of TLS, it does not compromise security.

RELEASE NOTES: None
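The property debated in this review, shown as an added example that is not part of the PR or of grpc-go: a plaintext CONNECT proxy reads the destination address, but not the payload, when the tunnelled connection uses TLS. It assumes Go's `net/http` client in place of a gRPC channel to stay standard-library only; `observe`, the loopback servers and the secret string are constructed for the illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// observe returns the CONNECT line the proxy read, the tunnel bytes it relayed, and whether the secret was among them.
func observe() (string, int, bool, error) {
	const secret = "constructed-secret-payload" // constructed sample value
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	var seen bytes.Buffer // client-to-server tunnel bytes as the proxy sees them
	done := make(chan string, 1)
	proxy := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		defer func() { done <- r.Method + " " + r.Host }() // request line arrived in clear
		up, err := net.Dial("tcp", r.Host)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadGateway)
			return
		}
		defer up.Close()
		c, brw, err := w.(http.Hijacker).Hijack()
		if err != nil {
			return
		}
		fmt.Fprint(c, "HTTP/1.1 200 Connection established\r\n\r\n")
		go func() { io.Copy(c, up); c.Close() }()
		io.Copy(up, io.TeeReader(brw, &seen)) // record everything relayed upstream
	}))
	defer proxy.Close()
	tr := srv.Client().Transport.(*http.Transport) // client trusts the test server's cert
	tr.Proxy = http.ProxyURL(&url.URL{Scheme: "http", Host: proxy.Listener.Addr().String()})
	tr.DisableKeepAlives = true // closing the tunnel lets the proxy handler finish
	resp, err := srv.Client().Post(srv.URL, "text/plain", bytes.NewReader([]byte(secret)))
	if err != nil {
		return "", 0, false, err
	}
	resp.Body.Close()
	line := <-done
	return line, seen.Len(), bytes.Contains(seen.Bytes(), []byte(secret)), nil
}

func main() { fmt.Println(observe()) }
```

If the tunnelled connection were not TLS, the same proxy would record the payload verbatim, which is the caveat raised in the review.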