Diffstat (limited to 'ipn/ipnserver')
| -rw-r--r-- | ipn/ipnserver/proxyconnect.go | 48 |
1 files changed, 5 insertions, 43 deletions
diff --git a/ipn/ipnserver/proxyconnect.go b/ipn/ipnserver/proxyconnect.go
index eb8c55991..cab603ba2 100644
--- a/ipn/ipnserver/proxyconnect.go
+++ b/ipn/ipnserver/proxyconnect.go
@@ -6,11 +6,11 @@
 package ipnserver
 
 import (
- "io"
 "net"
 "net/http"
 
 "tailscale.com/logpolicy"
+ "tailscale.com/net/httpconnect"
 )
 
 // handleProxyConnectConn handles a CONNECT request to
@@ -23,51 +23,13 @@ import (
 // precludes that from working and instead the GUI fails to dial out.
 // So, go through tailscaled (with a CONNECT request) instead.
 func (s *Server) handleProxyConnectConn(w http.ResponseWriter, r *http.Request) {
- ctx := r.Context()
 if r.Method != "CONNECT" {
 panic("[unexpected] miswired")
 }
-
- hostPort := r.RequestURI
 logHost := logpolicy.LogHost()
- allowed := net.JoinHostPort(logHost, "443")
- if hostPort != allowed {
- s.logf("invalid CONNECT target %q; want %q", hostPort, allowed)
- http.Error(w, "Bad CONNECT target.", http.StatusForbidden)
- return
- }
-
- tr := logpolicy.NewLogtailTransport(logHost)
- back, err := tr.DialContext(ctx, "tcp", hostPort)
- if err != nil {
- s.logf("error CONNECT dialing %v: %v", hostPort, err)
- http.Error(w, "Connect failure", http.StatusBadGateway)
- return
- }
- defer back.Close()
-
- hj, ok := w.(http.Hijacker)
- if !ok {
- http.Error(w, err.Error(), http.StatusInternalServerError)
- return
- }
- c, br, err := hj.Hijack()
- if err != nil {
- s.logf("CONNECT hijack: %v", err)
- return
+ connect := &httpconnect.Connect{
+ Dialer: logpolicy.NewLogtailTransport(logHost).DialContext,
+ AllowedURI: net.JoinHostPort(logHost, "443"),
 }
- defer c.Close()
-
- io.WriteString(c, "HTTP/1.1 200 OK\r\n\r\n")
-
- errc := make(chan error, 2)
- go func() {
- _, err := io.Copy(c, back)
- errc <- err
- }()
- go func() {
- _, err := io.Copy(back, br)
- errc <- err
- }()
- <-errc
+ connect.Handle(w, r)
 } |
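Review bot: The exact-match target check that stops handleProxyConnectConn from acting as an open CONNECT proxy is no longer visible at this call site. In the second hunk it depends entirely on how `connect.Handle(w, r)` interprets `AllowedURI`, which this diff does not show. I would state that contract above the struct literal, for example `// AllowedURI is the only target this proxy may dial; Handle must reject any other r.RequestURI with 403.`, and confirm that httpconnect has a test for a non-matching target. The literal sets only `Dialer` and `AllowedURI`, so the removed `s.logf` calls for a rejected target, a dial failure and a hijack failure have no obvious replacement. If httpconnect.Connect offers a logging hook it should be wired to `s.logf`, so that rejected CONNECT attempts stay visible in the daemon log. The whole function body is inside this hunk.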
