From eae04c41e54a91531536191644254e0915d7cd6d Mon Sep 17 00:00:00 2001
From: rssprivacy-commits <rssprivacy@gmail.com>
Date: Wed, 29 Apr 2026 03:29:16 +0800
Subject: [PATCH] feat(browse): Honor HTTPS_PROXY/HTTP_PROXY env for chromium
 launch
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Playwright's chromium.launch() does not auto-read HTTPS_PROXY/HTTP_PROXY
environment variables — they must be passed explicitly via the `proxy`
launch option. Without this, users behind a corporate/VPN proxy see
ERR_TUNNEL_CONNECTION_FAILED or ERR_SSL_UNRECOGNIZED_NAME_ALERT errors
when navigating to public URLs.

This change reads the system proxy from environment and passes it through
to Playwright's launch options. Backward-compatible: zero effect when no
proxy env vars are set.

Adds a new optional `BROWSE_PROXY` env var (takes priority over standard
HTTPS_PROXY) to support fakeip/TUN environments where the HTTP proxy
resolves DNS locally to fake addresses. Setting BROWSE_PROXY to a
socks5://host:port URL forces remote DNS resolution at the proxy,
bypassing the fake IP issue. Common scenario: mihomo/clash with
mixed-port + fakeip mode (the user must opt in via socks5:// URL).

Tested in a fakeip + mihomo mixed-port (1082) environment:
- HTTPS_PROXY=http://127.0.0.1:1082 → still fails (HTTP CONNECT carries
  fakeip in destination)
- BROWSE_PROXY=socks5://127.0.0.1:1082 → succeeds (SOCKS5 sends hostname,
  proxy resolves remotely)
---
 browse/src/browser-manager.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/browse/src/browser-manager.ts b/browse/src/browser-manager.ts
index a6eda991ba..95624e59ad 100644
--- a/browse/src/browser-manager.ts
+++ b/browse/src/browser-manager.ts
@@ -169,6 +169,18 @@ export class BrowserManager {
       console.log(`[browse] Extensions loaded from: ${extensionsDir}`);
     }
 
+    // Honor system proxy env vars for users behind a corporate or VPN proxy.
+    // Playwright's chromium.launch() does not auto-read these — must be passed
+    // explicitly via the `proxy` launch option.
+    //   BROWSE_PROXY  — explicit override (e.g. socks5://host:port for remote DNS)
+    //   HTTPS_PROXY   — standard system HTTPS proxy
+    //   HTTP_PROXY    — standard system HTTP proxy
+    // BROWSE_PROXY exists for fakeip/TUN environments where the system HTTP
+    // proxy resolves DNS locally to fake addresses; using socks5:// forces
+    // remote DNS resolution at the proxy, bypassing the fake IP.
+    const proxyServer = process.env.BROWSE_PROXY || process.env.HTTPS_PROXY || process.env.HTTP_PROXY;
+    const proxyBypass = process.env.NO_PROXY;
+
     this.browser = await chromium.launch({
       headless: useHeadless,
       // On Windows, Chromium's sandbox fails when the server is spawned through
@@ -176,6 +188,7 @@ export class BrowserManager {
       // browsing user-specified URLs has marginal sandbox benefit.
       chromiumSandbox: process.platform !== 'win32',
       ...(launchArgs.length > 0 ? { args: launchArgs } : {}),
+      ...(proxyServer ? { proxy: { server: proxyServer, ...(proxyBypass ? { bypass: proxyBypass } : {}) } } : {}),
     });
 
     // Chromium crash → exit with clear message