Support HTTP/2 :authority & :scheme + destination mismatches

pimterry · pimterry · commit e7afe495d7f7 · 2025-05-07T17:29:00.000+02:00
Previously this wasn't possible, but it now is, given the new support
for tunnel destination detection.
diff --git a/src/rules/passthrough-handling.ts b/src/rules/passthrough-handling.ts
@@ -230,7 +230,10 @@ export function getHostAfterModification(
     );
 }
 
-export const OVERRIDABLE_REQUEST_PSEUDOHEADERS = [
+// These pseudoheaders are modifable, in that they are independent from the other HTTP
+// request params: you can send plain HTTP but set :scheme:https, and you can send
+// to one hostname but set another hostname as the authority.
+export const MODIFIABLE_PSEUDOHEADERS = [
     ':authority',
     ':scheme'
 ] as const;
@@ -245,7 +248,7 @@ export function getH2HeadersAfterModification(
     reqUrl: string,
     originalHeaders: Headers,
     replacementHeaders: Headers | undefined
-): { [K in typeof OVERRIDABLE_REQUEST_PSEUDOHEADERS[number]]: string } {
+): { [K in typeof MODIFIABLE_PSEUDOHEADERS[number]]: string } {
     const parsedUrl = url.parse(reqUrl);
 
     return {
diff --git a/src/rules/requests/request-handlers.ts b/src/rules/requests/request-handlers.ts
@@ -74,7 +74,7 @@ import {
     getContentLengthAfterModification,
     getHostAfterModification,
     getH2HeadersAfterModification,
-    OVERRIDABLE_REQUEST_PSEUDOHEADERS,
+    MODIFIABLE_PSEUDOHEADERS,
     buildOverriddenBody,
     getUpstreamTlsOptions,
     shouldUseStrictHttps,
@@ -632,7 +632,7 @@ export class PassThroughHandler extends PassThroughHandlerDefinition {
             validateCustomHeaders(
                 clientHeaders,
                 modifiedReq?.headers,
-                OVERRIDABLE_REQUEST_PSEUDOHEADERS // These are handled by getCorrectPseudoheaders above
+                MODIFIABLE_PSEUDOHEADERS // These are handled by getH2HeadersAfterModification above
             );
 
             reqBodyOverride = await buildOverriddenBody(modifiedReq, headers);
@@ -729,9 +729,7 @@ export class PassThroughHandler extends PassThroughHandlerDefinition {
             // We drop all incoming pseudoheaders, and regenerate them (except legally modified ones)
             rawHeaders = rawHeaders.filter(([key]) =>
                 !key.toString().startsWith(':') ||
-                (headersManuallyModified &&
-                    OVERRIDABLE_REQUEST_PSEUDOHEADERS.includes(key.toLowerCase() as any)
-                )
+                MODIFIABLE_PSEUDOHEADERS.includes(key.toLowerCase() as any)
             );
         } else if (isH2Downstream && !shouldTryH2Upstream) {
             rawHeaders = h2HeadersToH1(rawHeaders);
diff --git a/test/integration/http2.spec.ts b/test/integration/http2.spec.ts
@@ -461,7 +461,7 @@ nodeOnly(() => {
                 await cleanup(proxiedClient, client);
             });
 
-            it("should include should metadata in events for proxied HTTP/2 responses", async function() {
+            it("should include response metadata in events for proxied HTTP/2 responses", async function() {
                 if (!semver.satisfies(process.version, H2_TLS_ON_TLS_SUPPORTED)) this.skip();
 
                 let seenResponsePromise = getDeferred<CompletedResponse>();
