fix: support corporate proxies during wizard login#493
Draft
posthog[bot] wants to merge 1 commit into
Draft
Conversation
Users behind a corporate HTTP/HTTPS proxy could hit an uncaught `AssertionError: protocol mismatch` from follow-redirects (surfaced via axios) during OAuth login, crashing the process before any PostHog integration work could begin. The crash originated in `exchangeCodeForToken`, which POSTs to `https://oauth.posthog.com/oauth/token` with no proxy-aware request configuration. axios's built-in proxy resolution mis-detects the request protocol when an HTTPS target is routed through an HTTP proxy, tripping follow-redirects' `assert.equal(options.protocol, protocol)` check. Changes: - Add `src/utils/proxy.ts`: `getProxyRequestConfig(url)` resolves the proxy from `HTTP_PROXY`/`HTTPS_PROXY`/`NO_PROXY` (via proxy-from-env), hands axios an explicit proxy agent and disables axios's own proxy handling (`proxy: false`) so follow-redirects always sees a consistent protocol. Returns an empty config when no proxy applies, leaving the common case untouched. - Apply the helper across the login chain (`getOrAskForProjectData`): the OAuth token exchange, region detection (`detectRegionFromToken`), and the user/project API calls — so onboarding actually works end-to-end behind a proxy rather than just relocating the crash to the next request. - Catch a residual `protocol mismatch` error in `performOAuthFlow` and report friendly proxy guidance via `getUI().log.error` instead of crashing. - Add jest babel transforms for the ESM-only proxy-agent packages and a local type declaration for proxy-from-env (v2 ships no types). - Unit tests for the proxy helper (env resolution, NO_PROXY, agent selection, error detection). Generated-By: PostHog Code Task-Id: a55b2457-e99e-4f9e-b43b-e13d43d38444
🧙 Wizard CIRun the Wizard CI and test your changes against wizard-workbench example apps by replying with a GitHub comment using one of the following commands: Test all apps:
Test all apps in a directory:
Test an individual app:
Show more apps
Results will be posted here when complete. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Users behind a corporate HTTP/HTTPS proxy can hit an uncaught crash during wizard login, fully blocking onboarding before any PostHog integration work begins.
An error-tracking issue (
AssertionError: protocol mismatch) was reported on 2026-06-01. The stack trace runsexchangeCodeForToken→performOAuthFlow→askForWizardLogin→getOrAskForProjectData, then into axios and follow-redirects.Root cause:
exchangeCodeForToken(src/utils/oauth.ts) POSTs tohttps://oauth.posthog.com/oauth/tokenwith no proxy-aware request configuration. axios pins1.7.4, and its built-in proxy resolution mis-detects the resolved request protocol when an HTTPS target is routed through an HTTP proxy — tripping follow-redirects'assert.equal(options.protocol, protocol, "protocol mismatch"). The assertion escapes as an unhandled rejection rather than a friendly auth error.Changes
src/utils/proxy.ts(new):getProxyRequestConfig(url)resolves the proxy fromHTTP_PROXY/HTTPS_PROXY/NO_PROXY(viaproxy-from-env, honouring casing variants andNO_PROXY), hands axios an explicit proxy agent, and disables axios's own proxy handling withproxy: falseso follow-redirects always sees a consistent protocol. Returns an empty config when no proxy applies, leaving the common (proxy-less) path unchanged.getOrAskForProjectData): the OAuth token exchange (oauth.ts), region detection (urls.tsdetectRegionFromToken), and the user/project API calls (api.ts). This makes onboarding work end-to-end behind a proxy instead of just relocating the crash to the next axios call.performOAuthFlownow catches a residualprotocol mismatcherror and reports actionable proxy guidance throughgetUI().log.errorinstead of crashing the process.transformIgnorePatterns) and a local type declaration forproxy-from-env(v2 ships no types).Test plan
pnpm build(incl. smoke test) ✅pnpm test— 651 passed ✅ (addedsrc/utils/__tests__/proxy.test.tscovering env resolution,NO_PROXY, https/http agent selection, andprotocol mismatchdetection)pnpm lint— 0 errors ✅Created with PostHog Code