Skip to content

fix(proxy): increase ResponseHeaderTimeout from 30s to 5m #23

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
andybons merged 1 commit into from
Apr 26, 2026
Merged

fix(proxy): increase ResponseHeaderTimeout from 30s to 5m #23

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,12 @@ Gatekeeper is a standalone credential-injecting TLS-intercepting proxy. It trans

Gatekeeper is pre-1.0. The configuration schema and credential source interface may change between minor versions.

## v0.9.1 — 2026-04-26

### Fixed

- **Increased response header timeout from 30s to 5m** — LLM inference (especially extended thinking models like Claude 3.7 Sonnet) can take well over 30 seconds before the first response byte; the previous 30s `ResponseHeaderTimeout` caused read timeouts on slow-to-start completions; the new 5-minute default covers extended thinking while still catching genuinely dead connections; applies to all transport paths (CONNECT interception, HTTP relay, MCP relay)

## v0.9.0 — 2026-04-22

### Added
Expand Down
2 changes: 1 addition & 1 deletion proxy/mcp.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,7 @@ var mcpRelayClient = &http.Client{
KeepAlive: 30 * time.Second,
}).DialContext,
TLSHandshakeTimeout: 10 * time.Second,
ResponseHeaderTimeout: 30 * time.Second,
ResponseHeaderTimeout: 5 * time.Minute,
IdleConnTimeout: 90 * time.Second,
},
}
Expand Down
4 changes: 2 additions & 2 deletions proxy/proxy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ var httpTransport = &http.Transport{
KeepAlive: 30 * time.Second,
}).DialContext,
TLSHandshakeTimeout: 10 * time.Second,
ResponseHeaderTimeout: 30 * time.Second,
ResponseHeaderTimeout: 5 * time.Minute,
IdleConnTimeout: 90 * time.Second,
}

Expand Down Expand Up @@ -1922,7 +1922,7 @@ func (p *Proxy) handleConnectWithInterception(w http.ResponseWriter, r *http.Req
RootCAs: p.upstreamCAs, // nil means system roots
},
TLSHandshakeTimeout: 10 * time.Second,
ResponseHeaderTimeout: 30 * time.Second,
ResponseHeaderTimeout: 5 * time.Minute,
MaxIdleConns: 100,
IdleConnTimeout: 90 * time.Second,
// Note: Do NOT set ForceAttemptHTTP2 here. This transport forwards
Expand Down
2 changes: 1 addition & 1 deletion proxy/relay.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ var relayClient = &http.Client{
KeepAlive: 30 * time.Second,
}).DialContext,
TLSHandshakeTimeout: 10 * time.Second,
ResponseHeaderTimeout: 30 * time.Second,
ResponseHeaderTimeout: 5 * time.Minute,
IdleConnTimeout: 90 * time.Second,
},
}
Expand Down
Loading