fix: tighten reverse proxy safety handling

Avoid HTTP error writes after hijacking upgraded connections, document ModifyResponse constraints for 101 responses, and normalize forwarded query strings consistently to reduce parsing ambiguity across proxy chains.
2026-06-13 15:47:38 +08:00 · 2026-03-29 01:39:09 +08:00 · 2026-03-29 01:39:09 +08:00 · 6d89b8674f
commit 6d89b8674f
parent 1946216c0e
3 changed files with 13 additions and 5 deletions
--- a/reverseproxy.go
+++ b/reverseproxy.go
@ -472,6 +472,10 @@ func (p *reverseProxyHandler) handleError(c *Context, err error) {
 		return
 	}
 	c.AddError(err)
+	if c.Writer.IsHijacked() {
+		p.logf(c, "reverse proxy error after hijack: %v", err)
+		return
+	}
 	if p.config.ErrorHandler != nil {
 		p.config.ErrorHandler(c.Writer, c.Request, err)
 		if c.Writer.Written() || c.Writer.IsHijacked() {
@ -906,10 +910,7 @@ func cleanReverseProxyQueryParams(rawQuery string) string {
 	if rawQuery == "" {
 		return ""
 	}
-	values, err := url.ParseQuery(rawQuery)
-	if err == nil {
-		return rawQuery
-	}
+	values, _ := url.ParseQuery(rawQuery)
 	return values.Encode()
 }