On Mon, Jun 07, 2021 at 07:13:43PM +0200, t...@bastelstu.be wrote: > Artur, > > [cc'ing Amaury] > > Am 2021-06-07 16:46, schrieb Artur: > > However the only difference is the 443 port explicitly specified in the > > later request. > > I am not sure it's something specific to 2.4.0, but I've never seen it > > before. > > Is it an expected behaviour ? If so, how can I change my acls to correct > > it ? > > I encountered the same issue (incidentally also with socket.io). It's > happening for WebSockets via HTTP/2. These are newly supported starting with > HAProxy 2.4. The "broken" requests are most likely Firefox, while the > working ones are not Firefox. I already have a private email thread with a > few developers regarding this behavior.
So I had some thoughts about that discussion that started off-list. And now I think that the right thing to do is to always drop the port part of the authority when we have a scheme for which it's the default. I.e. if the scheme is "http" we drop ":80", and if the scheme is "https" we drop ":443". This will always be consistent with the standards, and by doing it early (i.e. during conversion to HTX) we're certain to address both the conversion of CONNECT to GET+Upgrade, and the hdr(host) match. We need to be careful when re-emitting a CONNECT request however, as the port is mandatory with it. But normally with this we should be fine and we should avoid any dirty hack in the middle. Willy