Handling of per-route external proxy setting broken
Problem
API Security allows setting an external proxy via the configuration file. API Security allows multiple routes to exist with different external proxy settings. However, the networking code doesn't take this into account and uses a single instance of HttpConnectionSettings
. If multiple routes exist with differing values for external proxy, there is race for the winner. This can cause unintentional usage of a proxy setting during testing.
The actual user impact is minimal because we do not have this documented or exposed as a variable. The user would need to know to set it and create a custom configuration file.
Edited by Michael Eddington