fix: standalone MITM — remove HTTPS_PROXY with iptables, fix is_agent detection

- Only set HTTPS_PROXY/HTTP_PROXY when iptables UID isolation is NOT
  available. With iptables, double-proxying caused profile picture
  fetches to fail with 'lookup http' DNS errors.
- Fix is_agent detection: handle JSON with spaces after colons
  ("requestType": "agent" vs "requestType":"agent")
- Suppress wrapper-not-installed warning in standalone mode
- Show 'iptables (standalone)' in banner instead of 'not installed'
Nikketryhard
2026-02-14 18:47:38 -06:00
parent f0c2574c88
commit e678ec655b
3 changed files with 19 additions and 8 deletions


@@ -143,6 +143,14 @@ impl StandaloneLS {
env_vars.push(("SSL_CERT_FILE".into(), combined_ca_path));
env_vars.push(("SSL_CERT_DIR".into(), "/dev/null".into()));
env_vars.push(("NODE_EXTRA_CA_CERTS".into(), mitm.ca_cert_path.clone()));
// Only set HTTPS_PROXY when iptables UID isolation is NOT available.
// With iptables, all outbound traffic is transparently redirected at the
// kernel level — setting HTTPS_PROXY on top causes double-proxying
// (profile picture fetches, etc. break with "lookup http" errors).
if !has_ls_user() {
env_vars.push(("HTTPS_PROXY".into(), format!("http://{}", mitm.proxy_addr)));
env_vars.push(("HTTP_PROXY".into(), format!("http://{}", mitm.proxy_addr)));
}
}
// Check if 'antigravity-ls' user exists for UID-scoped iptables isolation