Y
Hacker News
new
|
ask
|
show
|
jobs
by
andrewsomething
3626 days ago
A good non-technical explainer:
https://medium.com/@nzdominic/what-is-httpoxy-65a33a8a1f4d#....
1 comments
vbernat
3626 days ago
It says that API requests using TLS are not vulnerable. However, many applications won't do the appropriate certificate checking. If HTTP_PROXY is set to a mitm proxy, it can succeed.
link
kpcyrd
3626 days ago
The reason why they aren't affected is that you need to set HTTPS_PROXY for
https://
link
lucb1e
3626 days ago
I could imagine not all applications doing that, though.
link