Just had a chance to build and test this and there are 2 things I could see be being a problem.

1. because this uses the CONNECT code path it returns a 'HTTP/1.0 200 Connection established' response to the client -- even though the client never used CONNECT and thus may not be expecting it.

2. I read RFC2616 as saying that Upgrade headers are for the immediate hop only. I may be misinterpreting and don't claim to understand all of the potential risks of passing them -- which is why I gated my work in PR WIP: Allow http upgrades w/o using connect method. #207 behind a config flag. You and the tinyproxy crew are much more likely to know the trade-offs and I defer to you on that -- but I wanted to point it out and ask if I'm not understanding it correctly.

I have a feeling that the first issue could be a problem for many consuming libraries which I imagine would stop looking for the 101 status code after finding the 200. Perhaps we could try to merger our strategies -- handle upgrade websocket specially but not require a config option?

Detailed testing output

This PR (#211) -- note the extra HTTP 200 response before the websocket response comes in

$ nc -C 10.137.0.14 3128
GET / HTTP/1.1
Host: echo.websocket.org:80
Upgrade: websocket
Connection: Upgrade
Origin: http://echo.websocket.org
Sec-WebSocket-Key: 5KNqfsPZ9m/BbeRlVpf7MQ==
Sec-WebSocket-Version: 13

HTTP/1.0 200 Connection established
Proxy-agent: tinyproxy/1.10.0-git-3-gf44d0f3

HTTP/1.1 101 Web Socket Protocol Handshake
Connection: Upgrade
Date: Fri, 28 Dec 2018 23:42:33 GMT
Sec-WebSocket-Accept: cBcVi9h4CSNKbf1RoRJaSJVUwis=
Server: Kaazing Gateway
Upgrade: websocket

My PR (#207) -- uglier code but expected behavior:

$ nc -C 10.137.0.14 3128
GET / HTTP/1.1
Host: echo.websocket.org:80
Upgrade: websocket
Connection: Upgrade
Origin: http://echo.websocket.org
Sec-WebSocket-Key: 5KNqfsPZ9m/BbeRlVpf7MQ==
Sec-WebSocket-Version: 13

HTTP/1.0 101 Web Socket Protocol Handshake
Via: 1.1 tinyproxy (tinyproxy/1.10.0-git-3-gf44d0f3)
Upgrade: websocket
Sec-WebSocket-Accept: cBcVi9h4CSNKbf1RoRJaSJVUwis=
Connection: Upgrade
Date: Sat, 29 Dec 2018 00:05:36 GMT
Server: Kaazing Gateway

Stock tinyproxy (for comparison)

$ nc -C 10.137.0.14 3128
GET / HTTP/1.1
Host: echo.websocket.org:80
Upgrade: websocket
Connection: Upgrade
Origin: http://echo.websocket.org
Sec-WebSocket-Key: 5KNqfsPZ9m/BbeRlVpf7MQ==
Sec-WebSocket-Version: 13

HTTP/1.0 400 WebSocket Upgrade Failure
Via: 1.1 tinyproxy (tinyproxy/1.10.0-git-3-gf44d0f3)
Content-Length: 77
Server: Kaazing Gateway
Date: Fri, 28 Dec 2018 23:51:15 GMT
Content-Type: text/html

<html><head></head><body><h1>400 WebSocket Upgrade Failure</h1></body></html>

hi @dmwilcox, thanks a lot for your helpful review. i added a commit that addresses point 1 of your findings, as for point 2 i don't really have an opinion other than that because we're merely proxying the connection on, no further action should be taken from our side and the recipient should handle anything else.

does that make sense ? are there more concerns, eventually regarding possible breakage with other scenarios where an upgrade header is used for other purposes, e.g. HTTP/2.0?

Hi @rofl0r, are these changes planned to merge?

@vaneses: yeah, after someone tested it

Is there any plans to merge this PR? There are some applications that use websockets and don't work behind tinyproxy probably because of this.

Is there any plans to merge this PR?

yes, as stated in my last comment, as soon as somebody tests it and reports that it works OK.
you could be the one, @SPascareli

Ok, can I just run it and see if this solves the problem, or do I need to do some more formal testing?

Ok, can I just run it and see if this solves the problem, or do I need to do some more formal testing?

right, we should also check whether it affects non-websocket use, so maybe you can additionally just use the proxy for your browsing for a day ?

as this PR is quite old already, i rebased it on current master.
we still need a volunteer who tests this for both upgrade/websocket and regular browsing scenarios.

I built this using the master branch and it's working fine for me with Nostr. My regular browsing doesn't appear to be impacted either.