`pflag.GetStringSlice` treats commas as delimiters, which causes issues
when passing headers whose values contain commas (`X-Robots-Tag:
noindex, nofollow`). These are incorrectly split into multiple headers
and errors out:
- `X-Robots-Tag: noindex`
- ` nofollow`
Switch to `pflag.GetStringArray`, which does not split on commas[1].
Note that this changes behavior for cases where multiple headers were
provided in a single argument with commas (`--header-down "X-Foo:
Bar,X-Bar: Foo"`). Such cases will now be treated as a single header
value. If this breaking change is unacceptable, we will need a smarter
fallback mechanism.
[1] https://github.com/spf13/pflag/pull/90
* use the new http.Protocols to handle h1, h2 and h2c requests
* fix lint
* keep ConnCtxKey for now
* fix handling for h2c
* check http version while reading the connection
* check if connection implements connectionStater when it should
* add comments about either h1 or h2 must be used in the listener
* fix if check
* return a net.Conn that implements connectionStater if applicable
* remove http/1.1 from alpn if h1 is disabled
* fix matching if only h1 is enabled
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* http: clean up listeners if some of the listeners fail to bind
* check for nil server due to failure to start
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* feat: add bcrypt cost parameter to hash-password
* revert: typos
* refactor: take the cost out of interface
* fix: default bcrypt cost to 14
* fix: follow bcrypt library for min and max cost
* doc: mention defaultBcryptCost in cost parameter description
* chore: gci format
* fix: more specific bcrypt cost algorithm flag
* feat: bcrypt cost provisioning
* Revert "feat: bcrypt cost provisioning"
This reverts commit e09d4bd036.
* chore: gci format
* chore: gci format
* chore: gci format
* chore: golangcilint fmted
---------
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
This commit adds support for LibreJS (https://en.wikipedia.org/wiki/GNU_LibreJS).
LibreJS would block this embedded JavaScript because its license is not stated in a machine-readable format.
Signed-off-by: Cédric Félizard <cedric@felizard.fr>
* fix: resolve http.request placeholders in header directive find operation
- Skip regex compilation during provision when placeholders are detected
- Compile regex at runtime after placeholder replacement
- Preserves performance for static regexes while enabling dynamic placeholders
- Fixes#7109
* test: add tests for placeholder detection in header replacements
- Test containsPlaceholders function edge cases
- Test provision skips compilation for dynamic regexes
- Test end-to-end placeholder replacement functionality
* chore: upgrade .golangci.yml and workflow to v2
run `golangci-lint fmt`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* run `golangci-lint run --fix`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* more lint fixes
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* bring back comments to .golangci.yml
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* appease the linter some more
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* oops
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* use embedded structs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* use embedded structs where they were used before
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* disable rule `-QF1006`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* missed a spot
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* caddytls: Prefer managed wildcard certs over individual subdomain certs
* Repurpose force_automate as no_wildcard
* Fix a couple bugs
* Restore force_automate and use automate loader as wildcard override
* caddyauth: Set authentication provider error in placeholder for handle_errors directive
* caddyauth: Simplify error placeholder setting for authentication provider
Currently if we extract the DialInfo from a Request Context during an active health check, then the Upstream in the DialInfo is nil.
This PR attempts to set the Upstream to a sensible value, based on wether or not the Upstream has been overriden in the active health check's config.
* events: Refactor; move Event into core, so core can emit events
Requires some slight trickery to invert dependencies. We can't have the caddy package import the caddyevents package, because caddyevents imports caddy. Interface to the rescue!
Also add two new events, experimentally: started, and stopping. At the request of a sponsor.
Also rename "Filesystems" to "FileSystems" to match Go convention (unrelated to events, was just bugging me when I noticed it).
* Coupla bug fixes
* lol whoops
* core: add modular `network_proxy` support
Co-authored-by: @ImpostorKeanu
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* move modules around
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* add caddyfile implementation
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* address feedbcak
* Apply suggestions from code review
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
* adapt ForwardProxyURL to use the NetworkProxyRaw
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove redundant `url` in log
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* code review
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* remove `.source` from the module ID
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Publishing a DNS record for a name that doesn't have any could make wildcards ineffective, which would be surprising for site owners and could lead to downtime.
