Skip to content

[codex] Keep auth preflight rule internal#341

Draft
ifer47 wants to merge 1 commit into
zero-peak:masterfrom
ifer47:codex/prevent-auth-preflight-rule-leak
Draft

[codex] Keep auth preflight rule internal#341
ifer47 wants to merge 1 commit into
zero-peak:masterfrom
ifer47:codex/prevent-auth-preflight-rule-leak

Conversation

@ifer47

@ifer47 ifer47 commented Jun 30, 2026

Copy link
Copy Markdown

What changed

Fixes #214.

The Chrome settings proxy backend used to insert the internal proxy-auth preflight rule directly into the active SwitchProfile before generating the PAC script, then remove it in finally. That made the internal preflight-auth.non-existent-website.zzzzzzzzeroomega.zero rule observable by other code while the profile was being applied.

This changes the preflight path to clone the profile first, add the probe rule only to that clone, and generate the PAC script from the clone. The user's profile object is never mutated by the internal auth probe.

Why

The preflight rule is an implementation detail for triggering proxy authentication. It should not be visible to the options UI, sync/storage code, temp-rule state, or any rule-adding flow. Keeping it out of the real profile prevents it from leaking into Auto Switch rules.

Validation

  • coffeelint.cmd src/module/proxy/proxy_impl_settings.coffee test/proxy_impl_settings.coffee from omega-target-chromium-extension
  • omega-target-chromium-extension/test/proxy_impl_settings.coffee: 1 passing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

auto add auto-switch rule for domain preflight-auth.non-existent-website.zzzzzzzzeroomega.zero

1 participant