From 703cb4adaf682593dfea82e69a25d96ef9899f1c Mon Sep 17 00:00:00 2001
From: Andrew Gaul <andrew@gaul.org>
Date: Sun, 20 Aug 2017 21:57:07 -0700
Subject: [PATCH] Check HTTP auth before allowing CONNECT

---
 proxy/proxy.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/proxy/proxy.go b/proxy/proxy.go
index 6ec19d1..52659cf 100644
--- a/proxy/proxy.go
+++ b/proxy/proxy.go
@@ -82,10 +82,6 @@ func (p *Proxy) checkHttpBasicAuth(auth string) bool {
 }
 
 func (p *Proxy) handle(w http.ResponseWriter, r *http.Request) error {
-	if r.Method == "CONNECT" {
-		return p.handleConnect(w, r)
-	}
-
 	// TODO: only HTTPS?
 	if p.user != "" {
 		if !p.checkHttpBasicAuth(r.Header.Get("Proxy-Authorization")) {
@@ -95,6 +91,10 @@ func (p *Proxy) handle(w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	if r.Method == "CONNECT" {
+		return p.handleConnect(w, r)
+	}
+
 	resp, err := forward(r)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)