Problem

In #151, a problem was explored where SSO Proxy writes out 200 OK on long requests but nothing is written out to the client. We were able to trace this issue down to a default configuration we specify for the http.Server that would timeout tcp connections after the timeout window specified but before the upstream response was received.

However, because of a bug in the golang stdlib golang/go#21389, when these writes occurred we were unable to easily diagnose the connection had closed and that the write was unsuccessful - no error is returned nor is there any useful log output.

Unfortunately, there is no way to cleanly handle this error case to make debugging more useful without re-writing portions of the http.Server.

Solution

For now, we can make this edge case a little less sharp by handling these timeouts more intuitively. We set the WriteTimeout for the http.Server to now be the max of the either the default value configured or the max upstream timeout config.

Notes

Many thanks to @victornoel for raising both the issue and the mitigation implemented here.