serv/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2024-12-27 06:03:48 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

headers: Only replace known placeholders (#4880)

Browse source
This commit is contained in:
Francis Lavoie 2022-07-12 14:16:03 -04:00 committed by GitHub
parent d6bc9e0b5c
commit 53c4d788d4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
modules/caddyhttp/headers/headers.go
View file

@ -194,27 +194,27 @@ type RespHeaderOps struct {
func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) { func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) {
// add // add
for fieldName, vals := range ops.Add { for fieldName, vals := range ops.Add {
fieldName = repl.ReplaceAll(fieldName, "") fieldName = repl.ReplaceKnown(fieldName, "")
for _, v := range vals { for _, v := range vals {
hdr.Add(fieldName, repl.ReplaceAll(v, "")) hdr.Add(fieldName, repl.ReplaceKnown(v, ""))
} }
} }
// set // set
for fieldName, vals := range ops.Set { for fieldName, vals := range ops.Set {
fieldName = repl.ReplaceAll(fieldName, "") fieldName = repl.ReplaceKnown(fieldName, "")
var newVals []string var newVals []string
for i := range vals { for i := range vals {
// append to new slice so we don't overwrite // append to new slice so we don't overwrite
// the original values in ops.Set // the original values in ops.Set
newVals = append(newVals, repl.ReplaceAll(vals[i], "")) newVals = append(newVals, repl.ReplaceKnown(vals[i], ""))
} }
hdr.Set(fieldName, strings.Join(newVals, ",")) hdr.Set(fieldName, strings.Join(newVals, ","))
} }
// delete // delete
for _, fieldName := range ops.Delete { for _, fieldName := range ops.Delete {
fieldName = strings.ToLower(repl.ReplaceAll(fieldName, "")) fieldName = strings.ToLower(repl.ReplaceKnown(fieldName, ""))
switch { switch {
case strings.HasPrefix(fieldName, "*") && strings.HasSuffix(fieldName, "*"): case strings.HasPrefix(fieldName, "*") && strings.HasSuffix(fieldName, "*"):
for existingField := range hdr { for existingField := range hdr {
@ -241,13 +241,13 @@ func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) {
// replace // replace
for fieldName, replacements := range ops.Replace { for fieldName, replacements := range ops.Replace {
fieldName = http.CanonicalHeaderKey(repl.ReplaceAll(fieldName, "")) fieldName = http.CanonicalHeaderKey(repl.ReplaceKnown(fieldName, ""))
// all fields... // all fields...
if fieldName == "*" { if fieldName == "*" {
for _, r := range replacements { for _, r := range replacements {
search := repl.ReplaceAll(r.Search, "") search := repl.ReplaceKnown(r.Search, "")
replace := repl.ReplaceAll(r.Replace, "") replace := repl.ReplaceKnown(r.Replace, "")
for fieldName, vals := range hdr { for fieldName, vals := range hdr {
for i := range vals { for i := range vals {
if r.re != nil { if r.re != nil {
@ -263,8 +263,8 @@ func (ops HeaderOps) ApplyTo(hdr http.Header, repl *caddy.Replacer) {
// ...or only with the named field // ...or only with the named field
for _, r := range replacements { for _, r := range replacements {
search := repl.ReplaceAll(r.Search, "") search := repl.ReplaceKnown(r.Search, "")
replace := repl.ReplaceAll(r.Replace, "") replace := repl.ReplaceKnown(r.Replace, "")
for hdrFieldName, vals := range hdr { for hdrFieldName, vals := range hdr {
// see issue #4330 for why we don't simply use hdr[fieldName] // see issue #4330 for why we don't simply use hdr[fieldName]
if http.CanonicalHeaderKey(hdrFieldName) != fieldName { if http.CanonicalHeaderKey(hdrFieldName) != fieldName {