From 9472b194838b7b0ad39628add7920b18aa518edb Mon Sep 17 00:00:00 2001 From: iain Date: Sat, 30 May 2026 10:10:05 +0200 Subject: [PATCH] fix(proxy): downgrade forwarded requests to HTTP/1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Over TLS the proxy negotiates HTTP/2 inbound via ALPN, but the upstream forward client connects to daemons over cleartext and the dev servers it targets speak HTTP/1.1. The request was forwarded still tagged HTTP/2, so the client attempted h2 to the backend and failed with UserUnsupportedVersion, surfacing as a 502 — every HTTP/1.1 backend (e.g. a Vite dev server) was unreachable through the HTTPS proxy. Normalize the request version to HTTP/1.1 before forwarding. --- src/proxy/server.rs | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/proxy/server.rs b/src/proxy/server.rs index f43150a6..d130438a 100644 --- a/src/proxy/server.rs +++ b/src/proxy/server.rs @@ -1204,6 +1204,12 @@ async fn proxy_handler(State(state): State, mut req: Request) -> Res req.headers_mut().remove(&key); } + // Downgrade the forwarded request to HTTP/1.1. TLS connections negotiate + // HTTP/2 inbound via ALPN, but the upstream forward client speaks HTTP/1 to + // the daemon. Without this, the still-h2-tagged request is rejected by the + // client with `UserUnsupportedVersion`, surfacing as a 502 to the browser. + *req.version_mut() = axum::http::Version::HTTP_11; + // Extract the client-side OnUpgrade handle *before* consuming req let client_upgrade = hyper::upgrade::on(&mut req);