Hello, I’m developing an authentication plugin for Kong that utilizes both the access and response phases of the request lifecycle. Normally, on HTTP/1.1, both the request and response are validated by our plugin before being allowed to continue through Kong. When using HTTP/2.0 however, I see the following message logged in error.log:
2022/06/21 21:30:53 [notice] 195011#0: *13744 [lua] init.lua:981: access(): response buffering was turned off: incompatible HTTP version (2), client: omitted, server: kong, request: “GET /? HTTP/2.0”, host: “omitted”
After this, the response phase of my plugin does not get called, but the response is allowed to continue to the client anyway. This effectively bypasses authentication on the server response! Is this intended? Is there a workaround for this, perhaps by disabling HTTP/2.0 communications through Kong?