fix: ignore Content-Length/Transfer-Encoding in CONNECT 2xx proxy responses (RFC-9110)

[OfekDanny]

Summary

Per RFC-9110 §9.3.6:

A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT.

When a proxy server returns a 200 Connection established response with a Content-Length header, aiohttp's HTTP parser attempts to read that many bytes as a response body. This corrupts the tunnel and causes the subsequent TLS handshake to fail.

The fix adds skip_payload=True to the set_response_params call used when reading the CONNECT response, which instructs the HTTP parser to treat the response as having no body regardless of any framing headers.

Changes

• aiohttp/connector.py: add skip_payload=True to CONNECT response parsing
• tests/test_proxy.py: add regression test (test_https_connect_skip_payload_on_200) that verifies set_response_params is called with skip_payload=True

Fixes #8472

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 98.92%. Comparing base (24ed3b3) to head (86ea5fb).
⚠️ Report is 2 commits behind head on master.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@           Coverage Diff           @@
##           master   #12397   +/-   ##
=======================================
  Coverage   98.92%   98.92%           
=======================================
  Files         134      134           
  Lines       46616    46639   +23     
  Branches     2429     2430    +1     
=======================================
+ Hits        46114    46137   +23     
  Misses        373      373           
  Partials      129      129           

Flag	Coverage Δ
CI-GHA	98.98% <100.00%> (+<0.01%)	⬆️
OS-Linux	98.72% <100.00%> (+<0.01%)	⬆️
OS-Windows	96.99% <100.00%> (+<0.01%)	⬆️
OS-macOS	97.89% <100.00%> (+<0.01%)	⬆️
Py-3.10.11	97.39% <100.00%> (+<0.01%)	⬆️
Py-3.10.20	97.86% <100.00%> (+<0.01%)	⬆️
Py-3.11.15	98.10% <100.00%> (-0.02%)	⬇️
Py-3.11.9	97.65% <100.00%> (+<0.01%)	⬆️
Py-3.12.10	97.73% <100.00%> (+<0.01%)	⬆️
Py-3.12.13	98.20% <100.00%> (-0.01%)	⬇️
Py-3.13.13	98.45% <100.00%> (+<0.01%)	⬆️
Py-3.14.4	98.50% <100.00%> (-0.01%)	⬇️
Py-3.14.4t	97.51% <100.00%> (+<0.01%)	⬆️
Py-pypy3.11.15-7.3.21	97.34% <100.00%> (-0.01%)	⬇️
VM-macos	97.89% <100.00%> (+<0.01%)	⬆️
VM-ubuntu	98.72% <100.00%> (+<0.01%)	⬆️
VM-windows	96.99% <100.00%> (+<0.01%)	⬆️
cython-coverage	38.17% <0.00%> (-0.02%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[codspeed-hq]

Merging this PR will not alter performance

✅ 67 untouched benchmarks
⏩ 4 skipped benchmarks¹

---

_{Comparing OfekDanny:fix/connect-proxy-skip-body (86ea5fb) with master (24ed3b3)²}

Footnotes

1. 4 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on master (3bfd03a) during the generation of this report, so 24ed3b3 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[Dreamsorcerer]

The test doesn't seem to validate any of this. It just verifies the function is called with the given arguments.