2651 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
Mohammed Al Sahaf	c0e9e771ce	Merge branch 'master' into add-tests	2026-06-09 02:30:37 +03:00
Mohammed Al Sahaf	1661cfd901	admin: fix origin comparison ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-09 02:29:52 +03:00
Rhul	55b3397a2d	reverseproxy: validate on weighted_round_robin loadbalancing policy (#7807) ... * reverseproxy: validate on weighted_round_robin policy Validate that weighted_round_robin has a non-zero total weight. This prevents configurations such as: weighted_round_robin 0 0 from being accepted and causing a divide-by-zero panic during request handling. * test: validation test on zero weight upstreams. * test: provision called instead of totalweight setting * reverseproxy: validate on negative upstream weights * test: regression test on weighted_round_robin selection policy	2026-06-08 02:18:20 +10:00
Micky	d3986f824d	Add missing "is" (#7802) ... Signed-off-by: Micky <60691199+AliMickey@users.noreply.github.com>	2026-06-06 21:02:51 +00:00
Mohammed Al Sahaf	c67ace9949	add admin origin and host check tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 21:43:44 +03:00
Mohammed Al Sahaf	293abe8de0	add log_append tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 21:43:22 +03:00
Mohammed Al Sahaf	8381d14a58	add intercept tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 21:43:14 +03:00
Mohammed Al Sahaf	59f14a8393	fix incorrect usage of atomics in tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 19:51:28 +03:00
Mohammed Al Sahaf	937a4c19c7	move tests of LoggableHTTPHeader and LoggableStringArray ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 19:41:16 +03:00
Mohammed Al Sahaf	5fe8407e2a	Merge branch 'master' into add-tests	2026-06-05 19:33:22 +03:00
Mohammed Al Sahaf	7e5b614ed0	add certificate generation tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 19:26:47 +03:00
Mohammed Al Sahaf	7dc498416b	add frontmatter tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 19:26:17 +03:00
Mohammed Al Sahaf	c7f82d12e9	add request_body tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 19:25:19 +03:00
Mohammed Al Sahaf	b56604c4f8	test push handler ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 18:26:38 +03:00
Mohammed Al Sahaf	07fcf88567	test TLS values ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 18:26:16 +03:00
Mohammed Al Sahaf	42bdf8933e	add tests for upstream host ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 18:06:24 +03:00
Mohammed Al Sahaf	4b3453e496	add compression tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 18:01:35 +03:00
Mohammed Al Sahaf	8619b04834	add caddyauth tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 18:00:44 +03:00
Mohammed Al Sahaf	4e047f5ca6	add tests for proxyprotocol policy parsing ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 17:59:18 +03:00
Mohammed Al Sahaf	f014502b75	test firstBytesLookLikeHTTP func ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 17:57:24 +03:00
Mohammed Al Sahaf	3a3f103be1	add server options tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 17:55:04 +03:00
Mohammed Al Sahaf	d6f959520c	add import tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 17:53:04 +03:00
Mohammed Al Sahaf	13d2ccfd57	add adapter tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-05 17:52:00 +03:00
Y.Horie	d730df2a83	cmd: colored error message in WrapCommandFuncForCobra (#7760) (#7768) ... Signed-off-by: Y.Horie <u5.horie@gmail.com> Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-06-04 21:41:35 -04:00
Rhul	3b7bde8f25	httpcaddyfile: error on duplicate named_routes (#7800) ... * fix: error on duplicate named_routes Fixes issue #7798 Validate named route names before inserting them into the named route map. This prevents later definitions from overwriting existing named routes and returns an error when a route name is defined more than once. * test: add test for duplicate named_routes	2026-06-04 14:55:08 -04:00
Muhammad Syafri, S.Kom	915793f6e0	caddyhttp: add {http.request.proto_name} placeholder for spec-compliant protocol names (#7782) ... * caddyhttp: add {http.request.proto_name} placeholder for spec-compliant protocol names {http.request.proto} exposes Go's raw http.Request.Proto field which returns HTTP/2.0 and HTTP/3.0 for HTTP/2 and HTTP/3 respectively. These strings are non-standard since the specs define them as HTTP/2 and HTTP/3. To preserve backward compat (especially CGI/FastCGI expectations), {http.request.proto} is kept as-is. A new {http.request.proto_name} placeholder is introduced that normalises the version string to the spec-defined form: HTTP/2.0 -> HTTP/2 HTTP/3.0 -> HTTP/3 all others returned unchanged Closes #7734 * caddyhttp: Use ProtoMajor for proto_name normalization and update docs --------- Co-authored-by: jalikajalika5 <105954036+jalikajalika5@users.noreply.github.com>	2026-06-04 11:03:19 -04:00
WeidiDeng	fcc7860d03	reverseproxy: replace placeholders specified for sni while using http3 (#7737) ... * reverseproxy: replace placeholders specified for sni while using http3 * add test for placeholder * reverseproxy: replace placeholders specified for sni while using http3 * add test for placeholder * reverseproxy: test HTTP/3 SNI host placeholder --------- Co-authored-by: Zen Dodd <mail@steadytao.com>	2026-06-02 21:49:00 -06:00
JM Sanchez	e2eee6a7fc	templates: Patch for GHSA-vcc4-2c75-vc9v (#7785) ... * Patch GHSA-vcc4-2c75-vc9v in stripHTML templates: fix funcStripHTML bypass via depth counter The previous false-start approach allowed XSS bypass via inputs like <<>img src=x onerror=alert(1)> and failed on stacked angle brackets. Replace the tagStart/inTag state machine with a depth counter that mirrors PHP strip_tags behaviour: each '<' increments depth, each '>' decrements it, and text is only emitted at depth zero. Quoted attribute values (both single and double) are tracked so '>' inside href values does not prematurely close a tag. Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com> * Update tplcontext_test.go Templates: expand TestStripHTML with attack path coverage Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com> --------- Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com>	2026-06-01 13:35:02 -06:00
Bruno Teixeira Lopes	0e8eb41b87	httpcaddyfile: fix incorrect error message on duplicate matchers (#7780) ... Parse each matcher segment individually using NewDispenser(segment) instead of DispenseDirective(dir), which coalesced all same-name segments into one token stream. This caused the second definition name to be misinterpreted as a matcher module name, producing 'module not registered: http.matchers.@name' instead of the correct 'matcher is defined more than once' error. By parsing segments individually, the existing duplicate check in parseMatcherDefinitions naturally catches the duplicate on the second pass. Signed-off-by: Brunotlps <brunoteixlps@gmail.com>	2026-05-30 07:05:41 +10:00
Kévin Dunglas	3eb8e48ff0	Merge commit from fork ... * feat: drop headers with underscore in their names * feat: Caddyfile binding and tests for underscore-in-header drop Add the `allow_underscore_in_headers` global server option, refine the doc comment, and cover the filter end-to-end: server-level unit tests (drop, opt-out, debug log, RFC-7230 space rejection), a fastcgi unit test for the trimmed header name replacer, and forward_auth integration tests for both the default-drop and opt-out paths. * remove allow_underscore_in_headers option for now	2026-05-29 11:37:17 -06:00
Muhammad Syafri, S.Kom	03e08ee6a9	encode: prioritize zstd and br over gzip in content negotiation (#7772) ... * fix(encode): prioritize zstd and br over gzip in content negotiation * test(encode): update unit tests to reflect new default priority ties * fix(encode): move default preferences to dynamic encode handler and restore generic negotiation helper * test(encode): call real Provision function in served-response test * test(encode): rename served-response test to TestServeHTTPDefaultEncodingPreference * refactor(encode): use slices.SortStableFunc and httptest.NewRecorder as recommended * refactor(encode): simplify sorting with cmp.Compare and check request error in test * test(encode): fix variable redeclaration in TestServeHTTPDefaultEncodingPreference Fix 'no new variables on left side of :=' error by changing 'err :=' to 'err =' on line 347, since err was already declared on line 332. This fixes the build failure in the encode module tests.	2026-05-29 05:26:19 +10:00
gelsomino	86121c860f	caddytls: skip idna.ToASCII for pure ASCII SNI values (#7770) ... SNI is always ASCII on the wire (RFC 6066), and most config patterns are also ASCII. For pure ASCII input, idna.ToASCII only validates and lowercases, which is equivalent to a simple strings.ToLower. Add a fast path to avoid the overhead of idna.ToASCII in the common case.	2026-05-28 11:18:09 +10:00
Muhammad Syafri, S.Kom	4d60d936ed	perf(replacer): optimize memory allocation for file placeholders (#7773) ... Co-authored-by: jalikajalika5 <105954036+jalikajalika5@users.noreply.github.com>	2026-05-27 14:20:33 +00:00
Lohit	176b043b01	rewrite: prevent placeholder re-expansion in injected query (#7761) ... When the rewrite URI template ends with a literal '?' and contains a placeholder that expands to client-controlled bytes (e.g. {http.request.header.X-Fwd}), those bytes flow into buildQueryString which runs a second Replacer pass. If the bytes contain placeholder syntax such as {env.SECRET}, that placeholder is evaluated, allowing disclosure of environment variables, files (via {file./path}), or internal request vars through the rewritten request URI. Escape '{' and '}' in the injected query before assigning it to the query variable, so the second pass cannot find any placeholder syntax to evaluate. Operator-written placeholders in the rewrite template are already expanded by the first pass on the path component, so the only '{' or '}' surviving into the injected query must have come from replacement values. Fixes GHSA-j8px-rmrx-76h9. Includes three regression tests mirroring the 'is not re-expanded' tests in modules/caddyhttp/vars_test.go. Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2026-05-26 16:51:18 -06:00
Matthew Holt	4c04143261	Clarify policies for agents / LLM use	2026-05-26 14:03:39 -06:00
Zen Dodd	94fcea08f4	go.mod: update x/net (#7767)	2026-05-25 12:24:44 -04:00
Matthew Holt	44b667a79f	go.mod: Update x/crypto	2026-05-22 09:25:04 -06:00
Vincent Yang	217a785824	caddyhttp: normalize Windows backslashes in path matcher (#7763)	2026-05-21 11:28:40 -06:00
dependabot[bot]	b5898c3f32	build(deps): bump the all-updates group across 1 directory with 9 updates (#7752) ... Bumps the all-updates group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github.com/alecthomas/chroma/v2](https://github.com/alecthomas/chroma) | `2.23.1` | `2.24.1` | | [github.com/google/cel-go](https://github.com/google/cel-go) | `0.28.0` | `0.28.1` | | [github.com/klauspost/compress](https://github.com/klauspost/compress) | `1.18.5` | `1.18.6` | | [go.opentelemetry.io/contrib/exporters/autoexport](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.65.0` | `0.68.0` | | [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.67.0` | `0.68.0` | | [go.opentelemetry.io/contrib/propagators/autoprop](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.65.0` | `0.68.0` | | [go.uber.org/zap](https://github.com/uber-go/zap) | `1.27.1` | `1.28.0` | | [golang.org/x/net](https://github.com/golang/net) | `0.53.0` | `0.54.0` | | [github.com/pires/go-proxyproto](https://github.com/pires/go-proxyproto) | `0.11.0` | `0.12.0` | Updates `github.com/alecthomas/chroma/v2` from 2.23.1 to 2.24.1 - [Release notes](https://github.com/alecthomas/chroma/releases) - [Commits](https://github.com/alecthomas/chroma/compare/v2.23.1...v2.24.1) Updates `github.com/google/cel-go` from 0.28.0 to 0.28.1 - [Release notes](https://github.com/google/cel-go/releases) - [Commits](https://github.com/google/cel-go/compare/v0.28.0...v0.28.1) Updates `github.com/klauspost/compress` from 1.18.5 to 1.18.6 - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](https://github.com/klauspost/compress/compare/v1.18.5...v1.18.6) Updates `go.opentelemetry.io/contrib/exporters/autoexport` from 0.65.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.65.0...zpages/v0.68.0) Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.67.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.67.0...zpages/v0.68.0) Updates `go.opentelemetry.io/contrib/propagators/autoprop` from 0.65.0 to 0.68.0 - [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases) - [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.65.0...zpages/v0.68.0) Updates `go.uber.org/zap` from 1.27.1 to 1.28.0 - [Release notes](https://github.com/uber-go/zap/releases) - [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md) - [Commits](https://github.com/uber-go/zap/compare/v1.27.1...v1.28.0) Updates `golang.org/x/net` from 0.53.0 to 0.54.0 - [Commits](https://github.com/golang/net/compare/v0.53.0...v0.54.0) Updates `github.com/pires/go-proxyproto` from 0.11.0 to 0.12.0 - [Release notes](https://github.com/pires/go-proxyproto/releases) - [Commits](https://github.com/pires/go-proxyproto/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: github.com/alecthomas/chroma/v2 dependency-version: 2.24.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: github.com/google/cel-go dependency-version: 0.28.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-updates - dependency-name: github.com/klauspost/compress dependency-version: 1.18.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-updates - dependency-name: go.opentelemetry.io/contrib/exporters/autoexport dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: go.opentelemetry.io/contrib/propagators/autoprop dependency-version: 0.68.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: go.uber.org/zap dependency-version: 1.28.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: golang.org/x/net dependency-version: 0.54.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates - dependency-name: github.com/pires/go-proxyproto dependency-version: 0.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-updates ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Zen Dodd <mail@steadytao.com>	2026-05-20 12:17:10 -06:00
Zen Dodd	9505c0baa0	caddytls: match IDN SNI in connection policies (#7742)	2026-05-20 13:52:28 -04:00
WeidiDeng	ad912569b5	reverseproxy: wraps request body to prevent closing if not read (#7719) ... Co-authored-by: Matt Holt <mholt@users.noreply.github.com>	2026-05-20 17:35:40 +00:00
Zen Dodd	6a210e96ee	caddyfile: preserve implicit TLS issuer semantics (#7743)	2026-05-20 12:48:37 -04:00
Zen Dodd	6628c4a9de	cmd: support caddy start on IPv6-only hosts (#7744)	2026-05-20 10:17:34 -04:00
Zen Dodd	408d20a0e5	caddyauth: add candidate placeholders for rejected identities (#7698)	2026-05-20 13:51:54 +00:00
Eyüp Can Akman	0b265eb845	reverseproxy: Add regression test for DialInfo network override (#7758)	2026-05-20 09:43:58 -04:00
Zen Dodd	88037f1666	chore: clean up wording and typo fixes (#7745) ... * chore: clean up wording and typo fixes * chore: ASCII -> alphanumeric in lexer for heredoc marker	2026-05-20 16:36:30 +10:00
cbro	325c244ea7	caddytls: fix TLS state races and ECH rotation retry (#7756) ... * caddytls: fix data race in session ticket key rotation stayUpdated copies the map header (configs := s.configs) under the lock, then iterates the original map after releasing it. Concurrent calls to register/unregister mutate the same map. Hold the lock for the entire iteration instead. * caddytls: fix data race in AllMatchingCertificates AllMatchingCertificates reads the package-level certCache without acquiring certCacheMu, while Cleanup sets certCache to nil under the write lock. The adjacent HasCertificateForSubject correctly acquires certCacheMu.RLock. Add the missing RLock/RUnlock to match. * caddytls: fix ECH key rotation stopping permanently on error When rotateECHKeys returns an error, the rotation goroutine returns immediately, stopping all future key rotation for the lifetime of the process. Change return to continue, matching the error handling for publishECHConfigs two lines below.	2026-05-20 16:35:40 +10:00
Brett Bethke	0125ae39cc	caddyhttp: omit Last-Modified for unusable mod times (#7740) ... See #5548 and #7730	2026-05-20 16:19:11 +10:00
Mohammed Al Sahaf	72875401e3	Merge branch 'master' into add-tests ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-05-20 02:59:11 +03:00
Mohammed Al Sahaf	704394d9d1	chore: deps upgrade (#7751) ... Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>	2026-05-20 02:42:19 +03:00