Fix isOnline() to fall back to HTTP HEAD when DNS fails behind proxy

In enterprise proxy environments, the client machine may not resolve
external DNS directly — DNS resolution is handled by the proxy server.
The existing DNS-only check in isOnline() would incorrectly report the
machine as offline, causing unnecessary fallback to cached/offline installs.

When DNS resolution fails and the axios client is available, isOnline()
now attempts a lightweight HEAD request to www.microsoft.com through the
auto-detected (or manually configured) proxy. This ensures connectivity
is correctly detected in proxy environments while keeping DNS as the
fast-path for non-proxy setups.

Refactors GetProxyAgentIfNeeded by extracting proxy resolution into a
standalone getProxyAgent method that does not depend on IAcquisitionWorkerContext.
This allows isOnline and other callers without a full context to reuse
the same proxy detection logic without duplication.

Fixes #2594

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: nagilson

vscode-dotnet-runtime-library/src/Utils/WebRequestWorkerSingleton.ts

@@ -281,7 +281,7 @@ export class WebRequestWorkerSingleton
         // ... 100 ms is there as a default to prevent the dns resolver from throwing a runtime error if the user sets timeoutSeconds to 0.
 
         const dnsResolver = new dns.promises.Resolver({ timeout: expectedDNSResolutionTimeMs });
-        const couldConnect = await dnsResolver.resolve(microsoftServerHostName).then(() =>
+        const dnsOnline = await dnsResolver.resolve(microsoftServerHostName).then(() =>
         {
             return true;
         }).catch((error: any) =>
@@ -290,7 +290,46 @@ export class WebRequestWorkerSingleton
             return false;
         });
 
-        return couldConnect;
+        if (dnsOnline)
+        {
+            return true;
+        }
+
+        // DNS failed — but in proxy environments, the proxy handles DNS resolution, so direct DNS lookups may fail
+        // even though HTTP connectivity works fine. Fall back to a lightweight HEAD request through the proxy-configured client.
+        if (this.client)
+        {
+            const httpFallbackTimeoutMs = Math.max(timeoutSec * 1000, 2000);
+            const proxyAgent = await this.getProxyAgent(undefined, eventStream);
+
+            const headOptions: object = {
+                timeout: httpFallbackTimeoutMs,
+                cache: false,
+                ...(proxyAgent !== null && { proxy: false }),
+                ...(proxyAgent !== null && { httpsAgent: proxyAgent }),
+            };
+
+            const headOnline = await this.client.head(`https://${microsoftServerHostName}`, headOptions)
+                .then((response) =>
+                {
+                    return response.status >= 200 && response.status < 500; // Any server response means we're online
+                })
+                .catch(() =>
+                {
+                    return false;
+                });
+
+            if (headOnline)
+            {
+                eventStream.post(new OfflineDetectionLogicTriggered(new EventCancellationError('DnsFailedButHttpSucceeded',
+                    `DNS resolution failed but HTTP HEAD request succeeded. This may indicate a proxy is handling DNS.`),
+                    `DNS failed but HTTP connectivity confirmed via HEAD request to ${microsoftServerHostName}.`));
+            }
+
+            return headOnline;
+        }
+
+        return false;
     }
     /**
      *
@@ -321,11 +360,22 @@ export class WebRequestWorkerSingleton
     }
 
     private async GetProxyAgentIfNeeded(ctx: IAcquisitionWorkerContext): Promise<HttpsProxyAgent<string> | null>
+    {
+        return this.getProxyAgent(ctx.proxyUrl, ctx.eventStream);
+    }
+
+    /**
+     * Resolves a proxy agent from the manual proxy URL or auto-detected system proxy settings.
+     * Decoupled from IAcquisitionWorkerContext so it can be used by isOnline and other callers that don't have a full context.
+     */
+    private async getProxyAgent(manualProxyUrl?: string, eventStream?: IEventStream): Promise<HttpsProxyAgent<string> | null>
     {
         try
         {
+            const hasManualProxy = manualProxyUrl ? manualProxyUrl !== '""' : false;
+
             let discoveredProxy = '';
-            if (!this.proxySettingConfiguredManually(ctx))
+            if (!hasManualProxy)
             {
                 const autoDetectProxies = await getProxySettings();
                 if (autoDetectProxies?.https)
@@ -338,17 +388,17 @@ export class WebRequestWorkerSingleton
                 }
             }
 
-            if (this.proxySettingConfiguredManually(ctx) || discoveredProxy)
+            if (hasManualProxy || discoveredProxy)
             {
-                const finalProxy = ctx?.proxyUrl && ctx?.proxyUrl !== '""' && ctx?.proxyUrl !== '' ? ctx.proxyUrl : discoveredProxy;
-                ctx.eventStream.post(new ProxyUsed(`Utilizing the Proxy : Manual ? ${ctx?.proxyUrl}, Automatic: ${discoveredProxy}, Decision : ${finalProxy}`))
+                const finalProxy = manualProxyUrl && manualProxyUrl !== '""' && manualProxyUrl !== '' ? manualProxyUrl : discoveredProxy;
+                eventStream?.post(new ProxyUsed(`Utilizing the Proxy : Manual ? ${manualProxyUrl}, Automatic: ${discoveredProxy}, Decision : ${finalProxy}`))
                 const proxyAgent = new HttpsProxyAgent(finalProxy);
                 return proxyAgent;
             }
         }
         catch (error: any)
         {
-            ctx.eventStream.post(new SuppressedAcquisitionError(error, `The proxy lookup failed, most likely due to limited registry access. Skipping automatic proxy lookup.`));
+            eventStream?.post(new SuppressedAcquisitionError(error, `The proxy lookup failed, most likely due to limited registry access. Skipping automatic proxy lookup.`));
         }
 
         return null;
@@ -485,11 +535,6 @@ If you're on a proxy and disable registry access, you must set the proxy in our
         }
     }
 
-    private proxySettingConfiguredManually(ctx: IAcquisitionWorkerContext): boolean
-    {
-        return ctx?.proxyUrl ? ctx?.proxyUrl !== '""' : false;
-    }
-
     private timeoutMsFromCtx(ctx: IAcquisitionWorkerContext): number
     {
         return ctx?.timeoutSeconds * 1000;