fix(rustproxy-http): use the requested domain as HTTP/2 authority instead of the backend host and port

changelog.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## 2026-03-12 - 25.10.6 - fix(rustproxy-http)
+use the requested domain as HTTP/2 authority instead of the backend host and port
+
+- build HTTP/2 absolute URIs from the client-facing domain so the :authority pseudo-header matches the Host header
+- remove backend port from generated HTTP/2 request URIs and fall back to the upstream host only when no domain is available
+- apply the authority handling consistently across pooled, inline, and generic upstream request paths
+
 ## 2026-03-12 - 25.10.5 - fix(rustproxy-http)
 configure HTTP/2 client builders with a Tokio timer for keep-alive handling
 

rust/crates/rustproxy-http/src/proxy_service.rs

@@ -1084,9 +1084,9 @@ impl HttpProxyService {
         });
 
         // Build request with empty body using absolute URI for H2 pseudo-headers
-        let h2_uri = format!("{}://{}:{}{}",
+        let scheme = if pool_key.use_tls { "https" } else { "http" };
-            if pool_key.use_tls { "https" } else { "http" },
+        let authority = if domain != "-" { domain } else { pool_key.host.as_str() };
-            pool_key.host, pool_key.port, upstream_path);
+        let h2_uri = format!("{}://{}{}", scheme, authority, upstream_path);
         let mut upstream_req = Request::builder()
             .method(method)
             .uri(&h2_uri);
@@ -1211,9 +1211,9 @@ impl HttpProxyService {
                 // Build and send the h2 request inline (don't register in pool yet —
                 // we need to verify the request actually succeeds first, because some
                 // backends advertise h2 via ALPN but don't speak the h2 binary protocol).
-                let h2_uri = format!("{}://{}:{}{}",
+                let scheme = if upstream.use_tls { "https" } else { "http" };
-                    if upstream.use_tls { "https" } else { "http" },
+                let authority = if domain != "-" { domain } else { upstream.host.as_str() };
-                    upstream.host, upstream.port, upstream_path);
+                let h2_uri = format!("{}://{}{}", scheme, authority, upstream_path);
                 let mut upstream_req = Request::builder()
                     .method(parts.method)
                     .uri(&h2_uri);
@@ -1464,13 +1464,12 @@ impl HttpProxyService {
         domain: &str,
     ) -> Result<Response<BoxBody<Bytes, hyper::Error>>, hyper::Error> {
         // Build absolute URI for H2 pseudo-headers (:scheme, :authority)
-        let h2_uri = if let Some(pk) = pool_key {
+        // Use the requested domain as authority (not backend address) so :authority matches Host header
-            format!("{}://{}:{}{}",
+        let scheme = if pool_key.map(|pk| pk.use_tls).unwrap_or(false) { "https" } else { "http" };
-                if pk.use_tls { "https" } else { "http" },
+        let authority = if domain != "-" { domain } else {
-                pk.host, pk.port, upstream_path)
+            pool_key.map(|pk| pk.host.as_str()).unwrap_or("localhost")
-        } else {
-            upstream_path.to_string()
         };
+        let h2_uri = format!("{}://{}{}", scheme, authority, upstream_path);
         let mut upstream_req = Request::builder()
             .method(parts.method)
             .uri(&h2_uri);

ts/00_commitinfo_data.ts

@@ -3,6 +3,6 @@
  */
 export const commitinfo = {
   name: '@push.rocks/smartproxy',
-  version: '25.10.5',
+  version: '25.10.6',
   description: 'A powerful proxy package with unified route-based configuration for high traffic management. Features include SSL/TLS support, flexible routing patterns, WebSocket handling, advanced security options, and automatic ACME certificate management.'
 }