Prioritise the explicit tunnel destination over headers

pimterry · pimterry · commit 5a2dc064844b · 2025-04-30T15:24:41.000+02:00
If you connect, request to talk to A.host and then send a request, we
should assume you wanted to send it to A.host (even if the host header
is different - there are some interesting &amp; unusual testing cases where
this is actively desireable, e.g. testing a server before updating the
DNS.
diff --git a/src/server/mockttp-server.ts b/src/server/mockttp-server.ts
@@ -50,6 +50,7 @@ import {
     buildSocketEventData,
     ClientErrorInProgress,
     LastHopEncrypted,
+    LastTunnelAddress,
     TlsSetupCompleted,
     isSocketLoop,
     resetOrDestroy
@@ -66,6 +67,7 @@ import {
 } from "../util/request-utils";
 import { asBuffer } from "../util/buffer-utils";
 import {
+    getHeaderValue,
     pairFlatRawHeaders,
     rawHeadersToObject
 } from "../util/header-utils";
@@ -566,6 +568,10 @@ export class MockttpServer extends AbstractMockttp implements Mockttp {
         });
     }
 
+    /**
+     * For both normal requests & websockets, we do some standard preprocessing to ensure we have the absolute
+     * URL destination in place, and timing, tags & id metadata all ready for an OngoingRequest.
+     */
     private preprocessRequest(req: ExtendedRawRequest, type: 'request' | 'websocket'): OngoingRequest {
         parseRequestBody(req, { maxSize: this.maxBodySize });
 
@@ -576,7 +582,10 @@ export class MockttpServer extends AbstractMockttp implements Mockttp {
                 (req.socket[LastHopEncrypted] ? 'https' : 'http');
             req.path = req.url;
 
-            const host = req.headers[':authority'] || req.headers['host'];
+            const host = req.socket[LastTunnelAddress] // If you explicitly tunnel to a host, that's the host
+                ?? getHeaderValue(req.headers, ':authority') // Otherwise, we infer based on headers: HTTP/2
+                ?? getHeaderValue(req.headers, 'host');      // or HTTP/1.1
+
             const absoluteUrl = `${req.protocol}://${host}${req.path}`;
 
             if (!req.headers[':path']) {
diff --git a/test/integration/proxying/socks-proxying.spec.ts b/test/integration/proxying/socks-proxying.spec.ts
@@ -134,5 +134,32 @@ nodeOnly(() => {
             expect(body.toString()).to.equal("Hello world!");
         });
 
+        it("should use the SOCKS destination over the Host header", async () => {
+            await remoteServer.forGet("/").thenReply(200, "Hello world!");
+            await server.forAnyRequest().thenPassThrough();
+
+            const socksConn = await SocksClient.createConnection({
+                proxy: {
+                    host: '127.0.0.1',
+                    port: server.port,
+                    type: 5
+                },
+                command: 'connect',
+                destination: {
+                    host: 'localhost',
+                    port: remoteServer.port
+                }
+            });
+
+            const response = await h1RequestOverSocket(socksConn.socket, remoteServer.url, {
+                headers: {
+                    Host: "invalid.example" // This should be ignored - tunnel sets destination
+                }
+            });
+            expect(response.statusCode).to.equal(200);
+            const body = await streamToBuffer(response);
+            expect(body.toString()).to.equal("Hello world!");
+        });
+
     });
 });
