reverseproxy: re-apply WebSocket header normalization after header ops

When transport or user header ops are configured, proxyLoopIteration
rebuilds r.Header from scratch using copyHeader. copyHeader calls
http.Header.Add internally which canonicalizes header names via
CanonicalHeaderKey — this lowercases the 'S' in WebSocket, turning
"Sec-WebSocket-Key" into "Sec-Websocket-Key".

normalizeWebsocketHeaders was already called in prepareRequest to fix
this, but the subsequent header rebuild in proxyLoopIteration undoes
it. Calling normalizeWebsocketHeaders again after the rebuild restores
the RFC 6455-compliant casing for all Sec-WebSocket-* headers.

Fixes #7784
This commit is contained in:
SapirBaruch 2026-06-01 21:33:30 +03:00
parent 0e8eb41b87
commit 8ccfcbc571

View file

@ -695,6 +695,7 @@ func (h *Handler) proxyLoopIteration(r *http.Request, origReq *http.Request, w h
if userOps != nil {
userOps.ApplyToRequest(r)
}
normalizeWebsocketHeaders(r.Header)
}
// proxy the request to that upstream