Willy,
On 6/8/21 8:37 AM, Willy Tarreau wrote:
However the only difference is the 443 port explicitly specified in the
later request.
I am not sure it's something specific to 2.4.0, but I've never seen it
before.
Is it an expected behaviour ? If so, how can I change my acls to correct
it ?
I encountered the same issue (incidentally also with socket.io). It's
happening for WebSockets via HTTP/2. These are newly supported starting with
HAProxy 2.4. The "broken" requests are most likely Firefox, while the
working ones are not Firefox. I already have a private email thread with a
few developers regarding this behavior.
So I had some thoughts about that discussion that started off-list. And
now I think that the right thing to do is to always drop the port part
of the authority when we have a scheme for which it's the default. I.e.
if the scheme is "http" we drop ":80", and if the scheme is "https" we
drop ":443". This will always be consistent with the standards, and by
doing it early (i.e. during conversion to HTX) we're certain to address
both the conversion of CONNECT to GET+Upgrade, and the hdr(host) match.
Is this still on your radar? Should I file an issue for that?
Best regards
Tim Düsterhus
