SSE writes are ignored by timeout settings

[andrewbanchich]

Preflight checklist

• [X] I could not find a solution in the existing issues, docs, nor discussions.
• [X] I agree to follow this project's Code of Conduct.
• [X] I have read and am following this repository's Contribution Guidelines.
• [ ] This issue affects my Ory Cloud project.
• [X] I have joined the Ory Community Slack.
• [X] I am signed up to the Ory Security Patch Newsletter.

Describe the bug

serve.proxy.timeout.write will close server-sent event connections, even if they are using keep-alives.

Reproducing the bug

1. Create server with SSE endpoint and keep-alives sent every 15 seconds.
2. On the frontend, use the JS EventSource API to connect and process messages.
3. The browser console should display an error after Oathkeeper's timeout setting (120s by default) saying the connection was closed.

Relevant log output

No response

Relevant configuration

No response

Version

0.38.15-beta.1

On which operating system are you observing this issue?

Linux

In which environment are you deploying?

Docker

Additional Context

No response

[aeneasr]

Hm yeah I think Oathkeeper really struggles with SSE. I think one option is to increase the timeout values. However, it will still close at some point.

Maybe we could implement keep alive somehow?

[andrewbanchich]

Yeah, having keep-alive would be ideal and allow Oathkeeper to differentiate between a working SSE connection and one that needs to be closed.

[andlinger]

Maybe it is possible to simply suspend the timeout if the content type is "text/event-stream".