Chromium UA masquerading in commit b7a22c72 isn't convincing #5800
Description
Integrity requirements
- I have read all the comments in the issue template and ensured that this issue meet the requirements.
- I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
- I provided the complete config and logs, rather than just providing the truncated parts based on my own judgment.
- I searched issues and did not find any similar issues.
- The problem can be successfully reproduced in the latest Release
Description
The commit b7a22c72 causes transports based on HTTP (e.g. WebSocket and gRPC) to become unable to pass through reverse proxies that has server-side fingerprinting firewalls.
Reproduction Method
- Connect to any server behind a reverse proxy with version 26.2.6, preferrably with the WebSocket transport.
Client config
Details
```json { "log": { "loglevel": "info", "dnsLog": true, "maskAddress": "/24+/48" }, "dns": { "tag": "d-dns", "servers": [ "8.8.8.8", "1.1.1.1", { "address": "8.8.4.4", "skipFallback": true, "domains": ["__SERVER__"] }, { "address": "1.0.0.1", "skipFallback": true, "domains": ["__SERVER__"] } ] }, "inbounds": [{ "tag": "i-forwarder", "protocol": "tunnel", "listen": "127.0.0.1", "port": 23456, "settings": { "address": "11.15.0.1", "port": 12345, "network": "tcp" } }], "outbounds": [{ "tag": "o-block", "protocol": "blackhole", "settings": { "response": { "type": "none" } } }, { "tag": "o-direct", "protocol": "freedom", "settings": { "domainStrategy": "AsIs" } }, { "tag": "o-remote", "protocol": "vless", "settings": { "address": "__SERVER__", "port": 443, "flow": "", "id": "__UUID__", "encryption": "none" }, "streamSettings": { "network": "ws", "security": "tls", "wsSettings": { "path": "__PATH__", "host": "__SERVER__" }, "tlsSettings": { "serverName": "__SERVER__", "minVersion": "1.3", "fingerprint": "unsafe", "pinnedPeerCertSha256": "__PINNED_CERT__" } } }], "routing": { "domainStrategy": "IPOnDemand", "rules": [{ "name": "direct-tunnel", "ip": ["11.15.0.0/24"], "outboundTag": "o-remote" }, { "name": "exempt-bootstrap-dns-query", "port": "53", "outboundTag": "o-direct" }] } } ```Server config
N/A
Client log
2026/03/13 18:43:05.300080 [Info] [2720414444] proxy/dokodemo: received request for 127.0.0.*:55596
2026/03/13 18:43:05.300105 [Info] [2720414444] app/dispatcher: taking detour [o-remote] for [tcp:11.15.0.*:23456]
2026/03/13 18:43:05.300116 [Info] [2720414444] transport/internet/websocket: creating connection to tcp:__SERVER__:443
2026/03/13 18:43:05.300127 from 127.0.0.*:55596 accepted tcp:11.15.0.*:12345 [i-forwarder -> o-remote]
2026/03/13 18:43:06.159361 [Info] [2720414444] transport/internet/websocket: creating connection to tcp:__SERVER__:443
2026/03/13 18:43:06.973606 [Info] [2720414444] transport/internet/websocket: creating connection to tcp:__SERVER__:443
2026/03/13 18:43:08.027049 [Info] [2720414444] transport/internet/websocket: creating connection to tcp:__SERVER__:443
2026/03/13 18:43:09.271469 [Info] [2720414444] transport/internet/websocket: creating connection to tcp:__SERVER__:443
2026/03/13 18:43:10.773354 [Info] [2720414444] app/proxyman/outbound: app/proxyman/outbound: failed to process outbound traffic > proxy/vless/outbound: failed to find an available destination > common/retry: [transport/internet/websocket: failed to dial WebSocket > transport/internet/websocket: failed to dial to (wss://__SERVER__:443/__PATH__): 400 Bad Request > websocket: bad handshake] > common/retry: all retry attempts failed
Server log
The server cannot receive any connections, let alone logs.