Sanitize headers in Proxy Authentication Required responses

net/spdy/spdy_proxy_client_socket.cc

Index: net/spdy/spdy_proxy_client_socket.cc
diff --git a/net/spdy/spdy_proxy_client_socket.cc b/net/spdy/spdy_proxy_client_socket.cc
index afc19534c0526570bdfdcc4b76a8177d45ae589d..661cfd99a7be6a60fe18edb209d21d33a21160ee 100644
--- a/net/spdy/spdy_proxy_client_socket.cc
+++ b/net/spdy/spdy_proxy_client_socket.cc
@@ -414,20 +414,24 @@ int SpdyProxyClientSocket::DoReadReplyComplete(int result) {
     case 302:  // Found / Moved Temporarily
       // Try to return a sanitized response so we can follow auth redirects.
       // If we can't, fail the tunnel connection.
-      if (SanitizeProxyRedirect(&response_, request_.url)) {
-        redirect_has_load_timing_info_ =
-            spdy_stream_->GetLoadTimingInfo(&redirect_load_timing_info_);
-        // Note that this triggers a RST_STREAM_CANCEL.
-        spdy_stream_->DetachDelegate();
-        next_state_ = STATE_DISCONNECTED;
-        return ERR_HTTPS_PROXY_TUNNEL_RESPONSE;
-      } else {
+      if (!SanitizeProxyRedirect(&response_)) {
         LogBlockedTunnelResponse();
         return ERR_TUNNEL_CONNECTION_FAILED;
       }
 
+      redirect_has_load_timing_info_ =
+          spdy_stream_->GetLoadTimingInfo(&redirect_load_timing_info_);
+      // Note that this triggers a RST_STREAM_CANCEL.
+      spdy_stream_->DetachDelegate();
+      next_state_ = STATE_DISCONNECTED;
+      return ERR_HTTPS_PROXY_TUNNEL_RESPONSE;
+
     case 407:  // Proxy Authentication Required
       next_state_ = STATE_OPEN;
+      if (!SanitizeProxyAuth(&response_)) {
+        LogBlockedTunnelResponse();
+        return ERR_TUNNEL_CONNECTION_FAILED;
+      }
       return HandleProxyAuthChallenge(auth_.get(), &response_, net_log_);
 
     default: