0a3877be51
The SvelteKit proxy was only stripping host + content-length; the rest of RFC 7230 §6.1 (connection, keep-alive, proxy-authenticate, proxy-authorization, te, trailer, transfer-encoding, upgrade) leaked through to axum. Axum doesn't emit them so the impact is theoretical, but the proxy should be RFC-conformant. Also adds an AbortController with a configurable 60s timeout (BACKEND_PROXY_TIMEOUT_MS) so a wedged backend can't hang the browser request indefinitely — failures surface as the standard 502 upstream_unavailable envelope. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2.5 KiB
2.5 KiB