From b008fc8e612e5a2635b77ef9971b32f60db54164 Mon Sep 17 00:00:00 2001
From: wjqserver <114663932+WJQSERVER@users.noreply.github.com>
Date: Sun, 19 Apr 2026 07:44:22 +0800
Subject: [PATCH] fix: only remove Sec-WebSocket-Accept if present in HTTP/2
 Extended CONNECT

- Check if Sec-WebSocket-Accept header exists before deleting
- This prevents unnecessary header manipulation when backend doesn't send it
- Maintains compatibility with backends that may or may not include this header
---
 reverseproxy.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/reverseproxy.go b/reverseproxy.go
index 5ec3693..f8335d2 100644
--- a/reverseproxy.go
+++ b/reverseproxy.go
@@ -1014,7 +1014,9 @@ func (p *reverseProxyHandler) handleBridgedExtendedConnectResponse(c *Context, r
 	responseHeader := c.Writer.Header()
 	reverseProxyCopyHeader(responseHeader, res.Header)
 	removeHopByHopHeaders(responseHeader)
-	responseHeader.Del("Sec-WebSocket-Accept")
+	if accept := res.Header.Get("Sec-WebSocket-Accept"); accept != "" {
+		responseHeader.Del("Sec-WebSocket-Accept")
+	}
 	c.Writer.WriteHeader(http.StatusOK)
 	if err := controller.Flush(); err != nil && !errors.Is(err, http.ErrNotSupported) {
 		backConn.Close()