Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2025-07-09 03:04:57 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

reverse proxy: validate versions in http transport

Browse Source
This commit is contained in:
WeidiDeng 2025-07-08 09:25:22 +08:00
parent 77dd12cc78
commit 6c272ec860
No known key found for this signature in database
GPG Key ID: 25F87CE1741EC7CD
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/caddyhttp/reverseproxy/httptransport.go
View File

@ -171,12 +171,25 @@ func (HTTPTransport) CaddyModule() caddy.ModuleInfo {
} }
} }
var (
allowedVersions = []string{"1.1", "2", "h2c", "3"}
allowedVersionsString = strings.Join(allowedVersions, ", ")
)
// Provision sets up h.Transport with a *http.Transport // Provision sets up h.Transport with a *http.Transport
// that is ready to use. // that is ready to use.
func (h *HTTPTransport) Provision(ctx caddy.Context) error { func (h *HTTPTransport) Provision(ctx caddy.Context) error {
if len(h.Versions) == 0 { if len(h.Versions) == 0 {
h.Versions = []string{"1.1", "2"} h.Versions = []string{"1.1", "2"}
} }
// some users may provide http versions not recognized by caddy, instead of trying to
// guess the version, we just error out and let the user fix their config
// see: https://github.com/caddyserver/caddy/issues/7111
for _, v := range h.Versions {
if !slices.Contains(allowedVersions, v) {
return fmt.Errorf("unsupported HTTP version: %s, supported version: %s", v, allowedVersionsString)
}
}
rt, err := h.NewTransport(ctx) rt, err := h.NewTransport(ctx)
if err != nil { if err != nil {