From a68d057c9dc41951019ab8e5d603c5ca101f3516 Mon Sep 17 00:00:00 2001
From: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Date: Mon, 4 Nov 2024 06:41:48 -0800
Subject: [PATCH] fix(server): accept HTTP/1.1 for backward compatibility
 (#20639)

Signed-off-by: Alexandre Gaudreault <alexandre_gaudreault@intuit.com>
Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
---
 server/server.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/server/server.go b/server/server.go
index 31641c590f819..6625461dfab03 100644
--- a/server/server.go
+++ b/server/server.go
@@ -562,7 +562,11 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) {
 		// If not matched, we assume that its TLS.
 		tlsl := tcpm.Match(cmux.Any())
 		tlsConfig := tls.Config{
-			NextProtos: []string{"h2"},
+			// Advertise that we support both http/1.1 and http2 for application level communication.
+			// By putting http/1.1 first, we ensure that HTTPS clients will use http/1.1, which is the only
+			// protocol our server supports for HTTPS clients. By including h2 in the list, we ensure that
+			// gRPC clients know we support http2 for their communication.
+			NextProtos: []string{"http/1.1", "h2"},
 		}
 		tlsConfig.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
 			return a.settings.Certificate, nil