go - Handling Proxy: How to Avoid Issues with Headers in Dual Connection Setup? - Stack Overflow

Body: I am implementing a WebSocket proxy and encountered two distinct approaches. Each has its challenges, particularly around handshake management and header handling.

Approach 1: This approach directly forwards the WebSocket handshake and data between the client and server

func serveWebsocket(w http.ResponseWriter, r *http.Request) {
    tlsConfig := &tls.Config{
        InsecureSkipVerify: false,
        .... // certs and all
    }
    targetConn, err := tls.Dial("tcp", r.URL.Host, tlsConfig)
    if err != nil {
        log.Printf("Error connecting to target via TLS: %v", err)
        return
    }
    defer targetConn.Close()

    hj, ok := w.(http.Hijacker)
    if !ok {
        log.Printf("Server doesn't support connection hijacking")
        return
    }
    clientConn, _, err := hj.Hijack()
    if err != nil {
        log.Printf("Error hijacking connection: %v", err)
        return
    }
    defer clientConn.Close()

    // Perform handshake manually and proxy data
    if err := proxyHandshake(clientConn, targetConn, r); err != nil {
        log.Printf("Error during handshake: %v", err)
        return
    }

    go io.Copy(targetConn, clientConn)
    go io.Copy(clientConn, targetConn)
}

Approach 2: Dual Connection with Library (coder/websocket)

This approach creates separate WebSocket connections between client <-> proxy and proxy <-> server:

func handleWebSocketConnection(w http.ResponseWriter, r *http.Request) {
    clientConn, err := websocket.Accept(w, r, nil)
    if err != nil {
        log.Printf("Failed to accept WebSocket connection: %v", err)
        return
    }
    defer clientConn.Close(200, "Client disconnected")

    tlsConfig := &tls.Config{
        InsecureSkipVerify: false,
        ... // certs and all
    }
    httpClient := &http.Client{
        Transport: &http.Transport{
            TLSClientConfig: tlsConfig,
        },
    }
    targetConn, _, err := websocket.Dial(r.Context(), "wss://example", &websocket.DialOptions{
        HTTPClient: httpClient,
    })
    if err != nil {
        log.Printf("Failed to connect to target server via TLS: %v", err)
        return
    }
    defer targetConn.Close(200, "Target disconnected")

    go io.Copy((clientConn, targetConn)
    go io.Copy(targetConn, clientConn)
...

}

Problem In Approach 2, where two separate WebSocket connections are created:

1. How should I handle the headers and other metadata from the client's request to ensure the server receives all required information? I did find this .5.1 which gives some information regarding the headers we are supposed to remove at proxy.
2. What are the best practices to forward or modify headers to mimic the behavior of a proxy without losing data integrity?

Additional Context In Approach 1, headers are automatically passed as part of the handshake because the proxy is forwarding the handshake directly. However, in Approach 2, since the library handles the handshake, the proxy needs to replicate the headers manually during the server connection setup.

Also, When someone refers to a "WebSocket proxy" implementation, are they typically referring to an implementation:

1. where the handshake is directly forwarded between the client and server (like in Approach 1 above)?
2. or a dual connection setup where the proxy acts as an intermediary with separate connections to the client and server (like in Approach 2)?