assertThat(connect.headers["Host"]).isEqualTo("[::1]:$port")
    assertThat(connect.headers[":authority"]).isNull()
    val get = server.takeRequest()
    assertThat(get.requestLine).isEqualTo("GET / HTTP/1.1")
    assertThat(get.headers["Host"]).isEqualTo("[::1]:$port")
    assertThat(get.headers[":authority"]).isNull()
    assertThat(get.requestUrl).isEqualTo(url)
  }

  @Test

                      type: object
                    rewrite:
                      description: Rewrite HTTP URIs and Authority headers.
                      properties:
                        authority:
                          description: rewrite the Authority/Host header with this
                            value.
                          type: string
                        uri:

HBONE is just a standard HTTP `CONNECT` tunnel, over mutual TLS with mesh (SPIFFE) certificates, on a well known port (15008).
The target destination address is set in the `:authority` header, and additional headers can be included as well.
Currently, only HTTP/2 is supported, though HTTP/1.1 and HTTP/3 are planned.

Currently, SNI is not set by Istio clients and ignored by Istio servers.

                      type: object
                    rewrite:
                      description: Rewrite HTTP URIs and Authority headers.
                      properties:
                        authority:
                          description: rewrite the Authority/Host header with this
                            value.
                          type: string
                        uri:

    // Adapt the request and response into our Request and Response domain model.
    val scheme = if (request.handshake != null) "https" else "http"
    val authority = request.headers["Host"] // Has host and port.
    val fancyRequest =
      Request.Builder()
        .url("$scheme://$authority/")
        .headers(request.headers)
        .build()
    val fancyResponse =
      Response.Builder()
        .code(webSocketResponse.code)

                              }
                            }
                          },
                          {
                            "name": "connect_authority",
                            "typed_config": {
                              "@type": "type.googleapis.com/envoy.extensions.filters.http.set_filter_state.v3.Config",
                              "on_request_headers": [

    val request = server.takeRequest()
    assertThat(request.requestLine).isEqualTo("GET /foo HTTP/1.1")
    assertThat(request.headers[":scheme"]).isEqualTo(scheme)
    assertThat(request.headers[":authority"]).isEqualTo("${server.hostName}:${server.port}")
  }

  @ParameterizedTest
  @ArgumentsSource(ProtocolParamProvider::class)
  fun get204Response(
    protocol: Protocol,
    mockWebServer: MockWebServer,

                              }
                            }
                          },
                          {
                            "name": "connect_authority",
                            "typed_config": {
                              "@type": "type.googleapis.com/envoy.extensions.filters.http.set_filter_state.v3.Config",
                              "on_request_headers": [

   *
   * @param streamId client-initiated stream ID.  Must be an odd number.
   * @param promisedStreamId server-initiated stream ID.  Must be an even number.
   * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`, and `:path`.
   */
  @Throws(IOException::class)
  fun pushPromise(
    streamId: Int,
    promisedStreamId: Int,
    requestHeaders: List<Header>,
  ) {
    this.withLock {

    author: Somraj Saha
  - author: "@pystar"
    author_link: https://pystar.substack.com/
    link: https://pystar.substack.com/p/how-to-create-a-fake-certificate
    title: How to Create A Fake Certificate Authority And Generate TLS Certs for FastAPI
  - author: Ben Gamble
    author_link: https://uk.linkedin.com/in/bengamble7
    link: https://ably.com/blog/realtime-ticket-booking-solution-kafka-fastapi-ably