samuong
commented
4 years ago For additional context:
Alpaca "hijacks" the ResponseWriter in order to provide a CONNECT tunnel to clients. This means that it takes control of the HTTP response from a ResponseWriter, and writes directly to the connection stream (rather than through functions like WriteHeader() and Write()). According to the documentation for Hijacker.Hijack():
After a call to Hijack, the original Request.Body must not be used. The original Request's Context remains valid and is not canceled until the Request's ServeHTTP method returns.
This bug is about a call to WriteHeader() that shouldn't be there, since it appears after a call to Hijack().
During the handling of a CONNECT request, if the response fails to be written, we will call net/http.ResponseWriter.WriteHeader() on an already-hijacked connection. The call should just be removed (the error is already being logged).