Using a system-configured HTTP proxy with a Network.framework WebSocket client

Question

Created Jul ’21

Replies 3

Boosts 0

Participants 3

Hi,

I maintain a WebSocket client library based on Network.framework, which we use internally at my place of work for a WebSocket product.

We've had a customer report that iOS device HTTP proxy settings aren't respected when a WebSocket connection is established. Specifically, they were able to reproduce the issue by setting up an iPad to connect to Wi-Fi via a HTTP proxy then trying to start a connection using our product. This connection doesn't use the configured proxy, so if the device doesn't also have a direct internet connection the WebSocket connection fails.

When our Support team tested internally, they could replicate this issue using mitmproxy. In the mitmproxy logs we did see an initial request made, but didn't see any WebSocket traffic, or HTTP upgrade requests which are present when we do the same using our other libraries for other non-Apple platforms.

I am aware that in theory, Network.framework should respect device HTTP proxy settings (as set in the connection settings within Settings.app on iOS for example), so have I misconfigured something in my WebSocket client implementation based on NWConnection and NWListener or are there some additional steps required to get this behaviour?

Boost

Answer 1

Systems Engineer OP

Apple

Jul ’21

Specifically, they were able to reproduce the issue by setting up an iPad to connect to Wi-Fi via a HTTP proxy then trying to start a connection using our product. This connection doesn't use the configured proxy, so if the device doesn't also have a direct internet connection the WebSocket connection fails.

Hard to say specifically what is happening here. One thing that I can say is that NWConnection does not support upgrading the connection mid-stream and so this may be what is happening here if the connection is being upgraded as opposed to being opened initially with wss. If this is the case then I would open an enhancement request to support this functionality. If this is not the case then you can also open a TSI and I can take a deeper look.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 2

danpusher OP

Jul ’21

Thanks for the prompt reply. I can confirm that the NWConnection WebSocket connection is being opened directly via a wss URL, with no upgrades from a HTTP request (so that was a red herring on my part just paraphrasing from our Support comms when comparing with our other platform libraries). So, I think I'll open a TSI if I can't progress this myself.

0

Answer 3

frankscx OP

Apr ’24

I am facing the same problem when using Charles/Proxyman tools, were you able to find a solution?

0