on 2023 Nov 27 9:54 PM
Hi all,
Background:
Problem:
My concern is: We don't control our client's environments and so cannot ask them to disable HTTP/2. I am unable to find any known issues about HTTP/2 causing 404 errors.
I'm at a bit of a loss. Thank you for any help in diagnosing!
I now have an answer that includes a workaround.
Cause #1: A Bug Within Envoy
I confirmed that this appears to be an issue in the Envoy proxy used by Istio, which is then used by BTP Kyma:
https://github.com/envoyproxy/envoy/issues/31118#issuecomment-1834164342
Any client that sends both the ":authority" pseudo-header and the "Host" header will run into this problem with Envoy it seems, as Envoy will incorrectly concatenate into the ":authority" field which winds up with an authority that Istio then doesn't find any routes for, because it's looking for a single instance of the name.
Cause #2: NetWeaver Sending Both ":authority" and "Host" headers
NetWeaver sends both ":authority" and "Host" headers even when those values are the same. While allowed by the HTTP/2 spec, this is still slightly unusual behavior for a client (curl, Insomnia, and others appear to interpret the HTTP/2 spec the same way that Envoy did initially).
The only workaround until Envoy releases a fix, it seems, is to get clients (such as NetWeaver) to only send one of the ":authority" or "Host" headers as part of the request. This will result in a request that does not encounter the Envoy bug with Kyma, and thus the request can complete successfully.
(Slightly Hacky) Workaround: Remove hostname from request_url
In our SAP code that utilizes the NetWeaver client to make the HTTP request, we we modify the request_url field to remove the hostname prior to sending the request to Kyma. It's missing the Host header when it goes out, but it has the :authority header already set. Because of that, the header isn't duplicated, and therefore it doesn't hit the Envoy bug.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
62 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.