From ff444a6224c50290723fdb735476f90e5b02a0d0 Mon Sep 17 00:00:00 2001
From: kyouheicf <85217388+kyouheicf@users.noreply.github.com>
Date: Wed, 9 Oct 2024 17:41:47 +0900
Subject: [PATCH 1/4] [ZT] Gateway will respond 502 Bad Gateway when receiving
 HTTP_1_1_REQUIRED

PCX-14005
---
 src/content/docs/cloudflare-one/faq/troubleshooting.mdx | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index f997b2ff1dc048..f8880338b9ba79 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -174,3 +174,9 @@ To enable software rasterization:
 By default, the WARP client blocks outgoing SMTP traffic on port `25` to prevent users from abusing our service to send spam. Modern email service providers use port `587` or `465` to encrypt emails over a TLS/SSL connection. For more information, refer to [What SMTP port should be used?](https://www.cloudflare.com/learning/email-security/smtp-port-25-587/).
 
 If you need to unblock port `25`, contact your account team.
+
+## I see `502 Bad Gateway` when browsing to a website.
+
+This issue can occur when communicating with the origin that partially support HTTP/2. In these scenarios, the connection from Gateway to the website starts using HTTP/2 but request a downgrade to HTTP/1.1 for some requests. For instance, [servers like IIS don't support auth (and possibly other cases) over HTTP/2](](https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported)). Such the website may send back a `RST_STREAM` frame with the error code `HTTP_1_1_REQUIRED`, which indicates that the browser should retry over HTTP/1.1. Gateway currently translates any received upstream `RST_STREAM` to a pseudo socket close, so you see this as a `502 Bad Gateway` exception page, and the browser doesn't know why it failed.
+
+Gateway do not support for this downgrade mechanism whereby Gateway will re-issue requests over HTTP/1.1 when receiving the `HTTP_1_1_REQUIRED` error code. To make the connection from Gateway to the website successfully, you will need to disable HTTP/2 at the origin.

From 8dffc892995e987e5b932e351a8f3103fe5f05be Mon Sep 17 00:00:00 2001
From: Max Phillips <mphillips@cloudflare.com>
Date: Thu, 10 Oct 2024 16:26:57 -0500
Subject: [PATCH 2/4] Apply PCX style guide

---
 src/content/docs/cloudflare-one/faq/troubleshooting.mdx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index f8880338b9ba79..ee23371345a1f0 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -177,6 +177,6 @@ If you need to unblock port `25`, contact your account team.
 
 ## I see `502 Bad Gateway` when browsing to a website.
 
-This issue can occur when communicating with the origin that partially support HTTP/2. In these scenarios, the connection from Gateway to the website starts using HTTP/2 but request a downgrade to HTTP/1.1 for some requests. For instance, [servers like IIS don't support auth (and possibly other cases) over HTTP/2](](https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported)). Such the website may send back a `RST_STREAM` frame with the error code `HTTP_1_1_REQUIRED`, which indicates that the browser should retry over HTTP/1.1. Gateway currently translates any received upstream `RST_STREAM` to a pseudo socket close, so you see this as a `502 Bad Gateway` exception page, and the browser doesn't know why it failed.
+This issue can occur when communicating with an origin that partially supports HTTP/2. In these scenarios, the connection from Gateway to the website starts using HTTP/2 but requests a downgrade to HTTP/1.1 for some requests. For example, servers such as [Microsoft Internet Information Services (IIS)](https://learn.microsoft.com/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported) do not support authentication over HTTP/2. When errors occur, the website may send back a `RST_STREAM` frame with the error code `HTTP_1_1_REQUIRED`, which indicates that the browser should retry the request over HTTP/1.1. Gateway translates any received upstream `RST_STREAM` frames to a pseudo socket close, so this appears as a `502 Bad Gateway` exception page. The browser will not indicate why failed.
 
-Gateway do not support for this downgrade mechanism whereby Gateway will re-issue requests over HTTP/1.1 when receiving the `HTTP_1_1_REQUIRED` error code. To make the connection from Gateway to the website successfully, you will need to disable HTTP/2 at the origin.
+Gateway does not support this downgrade mechanism. Instead, when receiving the `HTTP_1_1_REQUIRED` error code, Gateway will reissue requests over HTTP/1.1. To make the connection from Gateway to the website successfully, you will need to disable HTTP/2 at the origin.

From a74457bd6551688f233a3632bd5501c600dcea9b Mon Sep 17 00:00:00 2001
From: kyouheicf <85217388+kyouheicf@users.noreply.github.com>
Date: Fri, 11 Oct 2024 09:28:00 +0900
Subject: [PATCH 3/4] Fix with the intended context

---
 src/content/docs/cloudflare-one/faq/troubleshooting.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index ee23371345a1f0..5e866e8442bf41 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -179,4 +179,4 @@ If you need to unblock port `25`, contact your account team.
 
 This issue can occur when communicating with an origin that partially supports HTTP/2. In these scenarios, the connection from Gateway to the website starts using HTTP/2 but requests a downgrade to HTTP/1.1 for some requests. For example, servers such as [Microsoft Internet Information Services (IIS)](https://learn.microsoft.com/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported) do not support authentication over HTTP/2. When errors occur, the website may send back a `RST_STREAM` frame with the error code `HTTP_1_1_REQUIRED`, which indicates that the browser should retry the request over HTTP/1.1. Gateway translates any received upstream `RST_STREAM` frames to a pseudo socket close, so this appears as a `502 Bad Gateway` exception page. The browser will not indicate why failed.
 
-Gateway does not support this downgrade mechanism. Instead, when receiving the `HTTP_1_1_REQUIRED` error code, Gateway will reissue requests over HTTP/1.1. To make the connection from Gateway to the website successfully, you will need to disable HTTP/2 at the origin.
+Gateway does not support this downgrade mechanism. When receiving the `HTTP_1_1_REQUIRED` error code, Gateway will not reissue requests over HTTP/1.1. To make the connection from Gateway to the website successfully, you will need to disable HTTP/2 at the origin.

From 2ba77d7814c6b9658713342a03e403ce37300c1b Mon Sep 17 00:00:00 2001
From: Max Phillips <mphillips@cloudflare.com>
Date: Fri, 11 Oct 2024 10:04:42 -0500
Subject: [PATCH 4/4] Fix grammar

---
 src/content/docs/cloudflare-one/faq/troubleshooting.mdx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
index 5e866e8442bf41..3aca3825c5c4ef 100644
--- a/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-one/faq/troubleshooting.mdx
@@ -177,6 +177,6 @@ If you need to unblock port `25`, contact your account team.
 
 ## I see `502 Bad Gateway` when browsing to a website.
 
-This issue can occur when communicating with an origin that partially supports HTTP/2. In these scenarios, the connection from Gateway to the website starts using HTTP/2 but requests a downgrade to HTTP/1.1 for some requests. For example, servers such as [Microsoft Internet Information Services (IIS)](https://learn.microsoft.com/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported) do not support authentication over HTTP/2. When errors occur, the website may send back a `RST_STREAM` frame with the error code `HTTP_1_1_REQUIRED`, which indicates that the browser should retry the request over HTTP/1.1. Gateway translates any received upstream `RST_STREAM` frames to a pseudo socket close, so this appears as a `502 Bad Gateway` exception page. The browser will not indicate why failed.
+This issue can occur when communicating with an origin that partially supports HTTP/2. In these scenarios, the connection from Gateway to the website starts using HTTP/2 but requests a downgrade to HTTP/1.1 for some requests. For example, servers such as [Microsoft Internet Information Services (IIS)](https://learn.microsoft.com/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported) do not support authentication over HTTP/2. When errors occur, the website may send back a `RST_STREAM` frame with the error code `HTTP_1_1_REQUIRED`, which indicates that the browser should retry the request over HTTP/1.1. Gateway translates any received upstream `RST_STREAM` frames to a pseudo socket close, so this appears as a `502 Bad Gateway` exception page. The browser will not indicate why it failed.
 
 Gateway does not support this downgrade mechanism. When receiving the `HTTP_1_1_REQUIRED` error code, Gateway will not reissue requests over HTTP/1.1. To make the connection from Gateway to the website successfully, you will need to disable HTTP/2 at the origin.