containers: Fix up the allowHosts not being defined in constructor and add a test

Author: gabivlj

examples/core-tests/container_src/server.js

@@ -1,6 +1,49 @@
-import { createServer } from 'http';
+import { createServer, get } from 'http';
+import { get as httpsGet } from 'https';
 
 const server = createServer(function (req, res) {
+  const url = new URL(req.url, 'http://localhost:8080');
+
+  // Outbound HTTP proxy: the container makes an HTTP request to the given host.
+  // This lets tests verify egress interception from outside.
+  const proxyTarget = url.searchParams.get('proxy');
+  if (proxyTarget) {
+    get('http://' + proxyTarget, proxyRes => {
+      let body = '';
+      proxyRes.on('data', chunk => {
+        body += chunk;
+      });
+      proxyRes.on('end', () => {
+        res.writeHead(proxyRes.statusCode, { 'Content-Type': 'text/plain' });
+        res.end(body);
+      });
+    }).on('error', err => {
+      res.writeHead(520, { 'Content-Type': 'text/plain' });
+      res.end('proxy error: ' + err.message);
+    });
+    return;
+  }
+
+  // Outbound HTTPS proxy: uses NODE_EXTRA_CA_CERTS (set via env) to trust
+  // the Cloudflare containers CA for intercepted HTTPS.
+  const proxyHttpsTarget = url.searchParams.get('proxy_https');
+  if (proxyHttpsTarget) {
+    httpsGet('https://' + proxyHttpsTarget, proxyRes => {
+      let body = '';
+      proxyRes.on('data', chunk => {
+        body += chunk;
+      });
+      proxyRes.on('end', () => {
+        res.writeHead(proxyRes.statusCode, { 'Content-Type': 'text/plain' });
+        res.end(body);
+      });
+    }).on('error', err => {
+      res.writeHead(520, { 'Content-Type': 'text/plain' });
+      res.end('proxy_https error: ' + err.message);
+    });
+    return;
+  }
+
   if (req.url?.startsWith('/containerFetchNoContent')) {
     res.writeHead(204);
     res.end();