diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index b77677bff..a4f450204 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -513,7 +513,8 @@ func (m *MatchHeader) UnmarshalCaddyfile(d *caddyfile.Dispenser) error { // Match returns true if r matches m. func (m MatchHeader) Match(r *http.Request) bool { - return matchHeaders(r.Header, http.Header(m), r.Host) + repl := r.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) + return matchHeaders(r.Header, http.Header(m), r.Host, repl) } // getHeaderFieldVals returns the field values for the given fieldName from input. @@ -530,7 +531,7 @@ func getHeaderFieldVals(input http.Header, fieldName, host string) []string { // matchHeaders returns true if input matches the criteria in against without regex. // The host parameter should be obtained from the http.Request.Host field since // net/http removes it from the header map. -func matchHeaders(input, against http.Header, host string) bool { +func matchHeaders(input, against http.Header, host string, repl *caddy.Replacer) bool { for field, allowedFieldVals := range against { actualFieldVals := getHeaderFieldVals(input, field, host) if allowedFieldVals != nil && len(allowedFieldVals) == 0 && actualFieldVals != nil { @@ -546,6 +547,9 @@ func matchHeaders(input, against http.Header, host string) bool { fieldVals: for _, actualFieldVal := range actualFieldVals { for _, allowedFieldVal := range allowedFieldVals { + if repl != nil { + allowedFieldVal = repl.ReplaceAll(allowedFieldVal, "") + } switch { case allowedFieldVal == "*": match = true @@ -985,7 +989,7 @@ func (rm ResponseMatcher) Match(statusCode int, hdr http.Header) bool { if !rm.matchStatusCode(statusCode) { return false } - return matchHeaders(hdr, rm.Headers, "") + return matchHeaders(hdr, rm.Headers, "", nil) } func (rm ResponseMatcher) matchStatusCode(statusCode int) bool { diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index ab4487d12..5163df13f 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -397,6 +397,9 @@ func TestPathREMatcher(t *testing.T) { } func TestHeaderMatcher(t *testing.T) { + repl := caddy.NewReplacer() + repl.Set("a", "foobar") + for i, tc := range []struct { match MatchHeader input http.Header // make sure these are canonical cased (std lib will do that in a real request) @@ -490,8 +493,26 @@ func TestHeaderMatcher(t *testing.T) { input: http.Header{"Must-Not-Exist": []string{"do not match"}}, expect: false, }, + { + match: MatchHeader{"Foo": []string{"{a}"}}, + input: http.Header{"Foo": []string{"foobar"}}, + expect: true, + }, + { + match: MatchHeader{"Foo": []string{"{a}"}}, + input: http.Header{"Foo": []string{"asdf"}}, + expect: false, + }, + { + match: MatchHeader{"Foo": []string{"{a}*"}}, + input: http.Header{"Foo": []string{"foobar-baz"}}, + expect: true, + }, } { req := &http.Request{Header: tc.input, Host: tc.host} + ctx := context.WithValue(req.Context(), caddy.ReplacerCtxKey, repl) + req = req.WithContext(ctx) + actual := tc.match.Match(req) if actual != tc.expect { t.Errorf("Test %d %v: Expected %t, got %t for '%s'", i, tc.match, tc.expect, actual, tc.input)