[GH-ISSUE #1362] http: response.WriteHeader on hijacked connection log warning #961

New issue

Closed

opened 2026-05-07 00:29:09 +02:00 by BreizhHardware · 5 comments

BreizhHardware commented 2026-05-07 00:29:09 +02:00

Owner

Copy link

Originally created by @warioishere on GitHub (Jun 1, 2025).
Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1362

Hi there,

I'm occasionally seeing the following log warning in my ntfy server logs:

2025/06/01 16:36:07 http: response.WriteHeader on hijacked connection from heckel.io/ntfy/v2/server.(*Server).handleError (server.go:416)

This seems to indicate that the server attempted to write an HTTP response header to a connection that was already hijacked (e.g. for long polling or streaming).

Context

• ntfy Server Version 2.12
• Deployment: binary
• Reverse Proxy: haproxy

Expected behavior

Ideally, this warning should not occur. If the connection has been hijacked (for streaming), the server should probably avoid calling WriteHeader.

Notes

• This may not affect functionality directly, but it clutters logs and could mask real issues.
• I suspect this happens when an error occurs after the connection was hijacked but before the stream was fully established or closed.

Would it be possible to suppress this log or handle such cases more gracefully?

Thanks for your work on ntfy!

Originally created by @warioishere on GitHub (Jun 1, 2025). Original GitHub issue: https://github.com/binwiederhier/ntfy/issues/1362 Hi there, I'm occasionally seeing the following log warning in my ntfy server logs: ``` 2025/06/01 16:36:07 http: response.WriteHeader on hijacked connection from heckel.io/ntfy/v2/server.(*Server).handleError (server.go:416) ``` This seems to indicate that the server attempted to write an HTTP response header to a connection that was already hijacked (e.g. for long polling or streaming). ### Context * ntfy Server Version 2.12 * Deployment: binary * Reverse Proxy: haproxy ### Expected behavior Ideally, this warning should not occur. If the connection has been hijacked (for streaming), the server should probably avoid calling `WriteHeader`. ### Notes * This may not affect functionality directly, but it clutters logs and could mask real issues. * I suspect this happens when an error occurs *after* the connection was hijacked but before the stream was fully established or closed. Would it be possible to suppress this log or handle such cases more gracefully? Thanks for your work on ntfy!

BreizhHardware 2026-05-07 00:29:09 +02:00

• closed this issue
• added the
  🪲 bug
  server
  labels

BreizhHardware commented 2026-05-07 00:29:10 +02:00

Author

Owner

Copy link

@wunter8 commented on GitHub (Jun 1, 2025):

This seems to be caused by my PR here: https://github.com/binwiederhier/ntfy/pull/1338

I was trying to pass errors (authentication errors specifically) in response to websocket requests since wss://ntfy.sh/secret-topic-that-requires-auth/ws would return a 200 code and an empty body instead of returning a 403 and indicating to the user that authentication is required.

Not sure right now what the best fix is

<!-- gh-comment-id:2927835070 --> @wunter8 commented on GitHub (Jun 1, 2025): This seems to be caused by my PR here: https://github.com/binwiederhier/ntfy/pull/1338 I was trying to pass errors (authentication errors specifically) in response to websocket requests since `wss://ntfy.sh/secret-topic-that-requires-auth/ws` would return a 200 code and an empty body instead of returning a 403 and indicating to the user that authentication is required. Not sure right now what the best fix is

BreizhHardware commented 2026-05-07 00:29:10 +02:00

Author

Owner

Copy link

@bonfiresh commented on GitHub (Feb 3, 2026):

i have the same issue with the latest release

<!-- gh-comment-id:3844359680 --> @bonfiresh commented on GitHub (Feb 3, 2026): i have the same issue with the latest release

BreizhHardware commented 2026-05-07 00:29:10 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Feb 3, 2026):

i have the same issue with the latest release

It's not really an issue, it's just log spam. But it is annoying, I agree.

<!-- gh-comment-id:3844396179 --> @binwiederhier commented on GitHub (Feb 3, 2026): > i have the same issue with the latest release It's not really an issue, it's just log spam. But it is annoying, I agree.

BreizhHardware commented 2026-05-07 00:29:10 +02:00

Author

Owner

Copy link

@binwiederhier commented on GitHub (Feb 4, 2026):

Fixed in github.com/binwiederhier/ntfy@08eaafa77b

<!-- gh-comment-id:3847682656 --> @binwiederhier commented on GitHub (Feb 4, 2026): Fixed in https://github.com/binwiederhier/ntfy/commit/08eaafa77b8284d0651e424667342abf2cb13d45

BreizhHardware commented 2026-05-07 00:29:11 +02:00

Author

Owner

Copy link

@warioishere commented on GitHub (Feb 4, 2026):

thanks!

<!-- gh-comment-id:3847689350 --> @warioishere commented on GitHub (Feb 4, 2026): thanks!

BreizhHardware referenced this issue 2026-05-07 01:02:16 +02:00

[PR #961] [MERGED] Update docker-dev go version #1476

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dependabot/npm_and_yarn/web/fast-uri-3.1.2

email-verification

attachment-no-http2

attachment-fixes

attachment-s3

config-generator

postgres-replica

dockers-v2

postgres-support

postgres-webpush+user+message

postgres-webpush+user

postgres-webpush

1364-copy-action

crashfix

user-header

scalar-api-docs

cancel-scheduled

update-available

windows-server

303-update-notifications

postgres

admin-ui

require-login

http-clipboard

message-cache-lock

debian-stripe

predefined-users

busy-timeout

template-dir

ipv6

client-ip-header

apns-fix

feat_optional_require_login

security-updates

pg-message-cache

templating-disallow

templating-3

templating-2

message-size-limit+delay-limit

remove-rate-topics

html-emails

cf-priority

acl-underscores

auth-user-header

markdown

img-attach

web-improvements

utf8-headers

matrix-507-reject

http-response-writer

new-homepage-design

e2e

canary

windows

electron

update-messages

webhook-templating

v2.22.0

v2.21.0

v2.20.1

v2.20.0

v2.19.2

v2.19.1

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.14.0

v2.13.0

v2.12.0

v2.11.0

v2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.2

v2.6.1

v2.6.0

v2.5.0

v2.4.0

v2.3.1

v2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

v2.0.0

v1.31.0

v1.30.1

v1.29.1

v1.29.0

v1.28.0

v1.27.2

v1.27.1

v1.26.0

v1.25.2

v1.25.1

v1.25.0

v1.24.0

v1.23.0

v1.22.0

v1.21.2

v1.21.1

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.0

v1.14.1

v1.14.0

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.2

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.1

v1.6.0

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.8

v1.4.7

v1.4.6

v1.4.5

v1.4.4

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.3.2

v1.3.3

v1.3.1

v1.3.0

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

ai-generated

  

android-app

  

android-app

  

android-app

  

🪲 bug

  

build

  

build

  

dependencies

  

docs

  

enhancement

  

enhancement

  

🔥 HOT

  

in-progress 🏃

  

ios

  

prio:low

  

prio:low

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

🔒 security

  

server

  

server

  

unified-push

  

web-app

  

website

No labels

ai-generated

android-app

android-app

android-app

🪲 bug

build

build

dependencies

docs

enhancement

enhancement

🔥 HOT

in-progress 🏃

ios

prio:low

prio:low

pull-request

question

🔒 security

server

server

unified-push

web-app

website

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/ntfy#961

No description provided.