-
Bug
-
Resolution: Won't Do
-
Undefined
-
None
-
4.10.z
-
None
-
Moderate
-
Sprint 223
-
1
-
False
-
Description of problem: With HTTP2 enabled, routes using reencrypt can't use websockets
Version-Release number of selected component (if applicable): 4.10.25, 4.10.27, 4.11
How reproducible: 100%
Steps to Reproduce:
1. Create a namespace
2. Deploy reproducer
a. oc process -p NAMESPACE=default -f ~/net/ws.yaml | oc apply -f -
3. Run wscat against the hostname endpoint
a. podman run -t -i fedora:36 /bin/bash
b. dnf install npm
c. npm install -g wscat
4. Run wscat -c wss://reproducer...............
Actual results: The pod returns 200 as the headers are present
Expected results: The pod returns 500 status code if the Upgrade and Connection headers are missing.
Additional info:
The container logs all requests and it should be easy to see that the headers are missing for the websockets connection. The pod used in the deployment does NOT constitute a real websockets service.
If the openshift ingress controller is modified to have the following annotation
ingress.operator.openshift.io/default-enable-http2: false
Thus disabling HTTP2, then the result should get a 200 response.