From cd6dc0a3f0b4a31d49fca1c7c0a3a030899c375d Mon Sep 17 00:00:00 2001
From: HereC <ebeland@gmail.com>
Date: Thu, 30 May 2019 22:22:46 -0400
Subject: [PATCH] Bring in cred leakage fix

---
 .../src/main/java/com/browserup/bup/BrowserUpProxyServer.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/browserup-proxy-core/src/main/java/com/browserup/bup/BrowserUpProxyServer.java b/browserup-proxy-core/src/main/java/com/browserup/bup/BrowserUpProxyServer.java
index 4fb3f9e94..90c2c8739 100644
--- a/browserup-proxy-core/src/main/java/com/browserup/bup/BrowserUpProxyServer.java
+++ b/browserup-proxy-core/src/main/java/com/browserup/bup/BrowserUpProxyServer.java
@@ -376,7 +376,9 @@ public void filterRequest(HttpObject httpObject) {
                                 String chainedProxyAuth = chainedProxyCredentials;
                                 if (chainedProxyAuth != null) {
                                     if (httpObject instanceof HttpRequest) {
-                                        HttpHeaders.addHeader((HttpRequest)httpObject, HttpHeaderNames.PROXY_AUTHORIZATION, "Basic " + chainedProxyAuth);
+                                        if(ProxyUtils.isCONNECT(httpObject) || !((HttpRequest) httpObject).uri().startsWith("/")) {
+                                            HttpHeaders.addHeader((HttpRequest) httpObject, HttpHeaderNames.PROXY_AUTHORIZATION, "Basic " + chainedProxyAuth);
+                                        }
                                     }
                                 }
                             }