Do not always act as system proxy

[ohaucke]

Currently, if you run devproxy on windows, it will always act as a system proxy.
Even though it's on explicit endpoints, it's not always desired.

See: https://github.com/microsoft/dev-proxy/blob/c74843f3a30c46577dfd7b804ea032626711bab9/dev-proxy/ProxyEngine.cs#L122C48-L122C65

My suggestion would be to add an additional option to not act as system proxy.
This way the user can decide which applications should be routed through the proxy (and you don't get asked to install the certificate).

[waldekmastykarz]

Thanks for the suggestion @ohaucke. I think this is a good idea. We'll need to see if the underlying proxy API that we're using, lets us do this.

As for prompting for installing and registering the certificate, I think that's separate from system-wide proxy registration. If you don't install and trust the cert, you wouldn't be able to decrypt HTTPS traffic. Could you elaborate a bit why you think you'd like to skip it?

[ohaucke]

If you are interested, i could create a PR for that.
I just wanted to check beforehand if that "feature" would be appreciated.

For the implementation:
All we need would be an additional condition in line 119 and 124, something like this:

if (RunTime.IsWindows && _config.ActAsSystemProxy)
{
    // Only explicit proxies can be set as system proxy!
    _proxyServer.SetAsSystemHttpsProxy(_explicitEndPoint);
}
else if (RunTime.IsMac && _config.ActAsSystemProxy)
{
    ToggleSystemProxy(ToggleSystemProxyAction.On, _config.IPAddress, _config.Port);
}
else
{
    _logger.LogWarn("Configure your operating system to use this proxy's port and address");
}

The prompt for installing the certificate is handled by _proxyServer.SetAsSystemHttpsProxy which executes CertificateManager.EnsureRootCertificate(); in titanium web proxy.

You are not required to install the certificate to decrypt the traffic if you ignore tls-errors in the application you are writing (Example: ServerCertificateCustomValidationCallback = delegate { return true; } - FYI: i only set that in debug builds).

I just try to avoid installing additional root certificates.

[waldekmastykarz]

I appreciate your suggestion and explanation @ohaucke. I suggest, that we'd adjust your proposed change a bit so that we check for the config only once, eg:

if (_config.ActAsSystemProxy)
{
  if (RunTime.IsWindows) ....
}

We'd also do the same check when closing proxy and cleaning up system proxy settings.

@garrytrinder, any additional considerations before we proceed?

[ohaucke]

Sounds good to me 👍
i usually try to avoid nested if statements but that's just me 😆

[waldekmastykarz]

In this case, I prefer nesting so that we can manage the behavior in one place and avoid inconsistencies.

[waldekmastykarz]

To make it work consistently on macOS, we'd also need to factor in:

• explicit cert registration: https://github.com/microsoft/dev-proxy/blob/3344bb86246a81704cad1954eec5f528f6d574aa/dev-proxy/ProxyEngine.cs#L98-L106
• first-time setup: https://github.com/microsoft/dev-proxy/blob/3344bb86246a81704cad1954eec5f528f6d574aa/dev-proxy/ProxyEngine.cs#L155-L162

[garrytrinder]

@garrytrinder, any additional considerations before we proceed?

Nothing to add.

[waldekmastykarz]

In that case, all yours @ohaucke if you're still interested to work on it 😊