I’m migrating a deployment over from Lambda + API Gateway to Fly. I’ve got it all deployed to Fly just fine, but super weird - our sign-in page works from Chrome, but not Safari. Same code for that route works fine on the Lambda deployment on both Safari and Chrome, and it works fine locally, too. Safari’s console shows: Failed to load resource: cannot parse response. The request shows - for the status of the response, no response headers, nothing. It’s like the request just died. However, the logs in Fly show a 204 being returned.
Again - I can run the exact same code locally, and it works in both Safari and Chrome as expected, and a very similar variant (only differing in package shape to get it running on Lambda) also works as expected there.
As noted in the title, this is a Remix app. Anyone have any idea why this one specific case is acting up?
That’s interesting. Can you crack open Safari Dev Tools and have a look at what the network tab shows for that page or request? Do you know if a 204 response includes any body content from Remix?
No status code even - it appears to just drop. No response body is shown.
FWIW, I deployed the same exact thing to AWS App Runner, no source changes besides some Terraform additions to get it up there. Same Dockerfile and everything. Runs just fine there.
Futhermore, AWS API Gateway and AWS App Runner may be automatically stripping the bodies from 204 responses so that may explain why you don’t have a problem with them.
The Safari Dev tools details for that request would be super helpful. I don’t doubt there’s something weird about that response that Safari doesn’t like, and it’s possible our load balancer is the cause, but I don’t know how to replicate it!
You can usually “copy as cURL” from devtools, if you can do that and post the curl here we can investigate this.
Screenshot, + cURL below. Included full test credentials to that page.
It may actually be a Remix issue, and it just so happens that other hosts (ie App Runner) is more forgiving. I found this, which hasn’t been released yet: fix: null for body to conform to standards (#743) · remix-run/remix@d2dab19 · GitHub. I tried deploying that patch, but that didn’t work. It could be that there are other issues like that needing to be fixed.
@Ben_Kraus I’ve done some analysis and it seems that fly.io is incorrectly closing the HTTP2 stream.
Both cURL and Node.js were unable to successfully perform HTTP2 POST requests to your API endpoint with the provided information.
With cURL, the following error is received:
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
With Node.js, the following error is received:
Error [ERR_HTTP2_STREAM_ERROR]: Stream closed with error code NGHTTP2_PROTOCOL_ERROR
However, when the password supplied is changed to be the incorrect password, the request successfully completes with a 200 response.
It seems that Chrome may be more forgiving in it’s HTTP2 implementation while Safari, cURL, and Node.js are much more strict.
I also tested these requests using HTTP1.1 (not in Safari) and the issue does not appear so this is specific to HTTP2.
One last thing to note is that in a successful login response, you are returning the headers supplied by the client in the server response headers. You should not do this and this might be causing problems with fly’s HTTP2 proxy which could possibly explain the issue.
You should instead change your code to return the client headers with X-From-Client- prepended to all the header names so they don’t cause interference, but ultimately this should be avoided and only done on debug endpoints or when in debug mode.
Good job debugging this, it’s almost definitely a null body issue. We should handle that better. I made an internal issue to track this, we’ll update this topic if we get anywhere on it.
I believe your app returns a content-length: 47 header with its 204 response. Which is pretty weird.
We’re not messing with the response. I assume AppRunner and Lambda fix that for you. Chrome is also probably fixing that? Not entirely sure.
I’ve confirmed this by querying your VM directly (on port 8080). If you try the curl with --http1.1, you also get the actual response with the content-length: 47 header.
I think it’s coming back around to what @charsleysa said - for some reason it’s including the request’s headers in the response! It could very well be a bug in our own code
Looking…
In that case, that makes me happy, because there’s a nice, proper, workaround. Just threw me for a loop as it worked everywhere else!
