oathkeeper
oathkeeper copied to clipboard
ory
SSE writes are ignored by timeout settings
Preflight checklist
- [X] I could not find a solution in the existing issues, docs, nor discussions.
- [X] I agree to follow this project's Code of Conduct.
- [X] I have read and am following this repository's Contribution Guidelines.
- [ ] This issue affects my Ory Cloud project.
- [X] I have joined the Ory Community Slack.
- [X] I am signed up to the Ory Security Patch Newsletter.
Describe the bug
serve.proxy.timeout.write will close server-sent event connections, even if they are using keep-alives.
Reproducing the bug
- Create server with SSE endpoint and keep-alives sent every 15 seconds.
- On the frontend, use the JS
EventSourceAPI to connect and process messages. - The browser console should display an error after Oathkeeper's timeout setting (120s by default) saying the connection was closed.
Relevant log output
No response
Relevant configuration
No response
Version
0.38.15-beta.1
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker
Additional Context
No response
Hm yeah I think Oathkeeper really struggles with SSE. I think one option is to increase the timeout values. However, it will still close at some point.
Maybe we could implement keep alive somehow?
Yeah, having keep-alive would be ideal and allow Oathkeeper to differentiate between a working SSE connection and one that needs to be closed.
Maybe it is possible to simply suspend the timeout if the content type is "text/event-stream".
