caddy/caddyhttp at 7e83775e3adea8b8da72fea3b159207bd71000dd - caddy - Belway Gitea

Cutlery/caddy

mirror of https://github.com/caddyserver/caddy.git synced 2026-03-07 09:35:34 -05:00

History

Sam.An 7e83775e3a

Merge commit from fork

Only apply repl.ReplaceAll() on values from literal variable names
(e.g. map outputs), not on values resolved from placeholder keys
(e.g. {http.request.header.*}). The placeholder path already resolves
the value via repl.Get(), so a second expansion allows user-controlled
input containing {env.*} or {file.*} to be evaluated, leaking
environment variables and file contents.

Add regression test to verify placeholder-sourced values are not
re-expanded.

2026-03-04 09:08:39 -07:00

..

chore: Add nolints to work around haywire linters (#7493 )

2026-02-17 16:52:54 -07:00

Revert "encode: Implement Flush for legacy compatibility"

2026-02-27 14:14:19 -07:00

fileserver: Fix tests on Windows

2026-02-20 11:46:45 -07:00

chore: Enable modernize linter (#7519 )

2026-02-26 14:01:35 -07:00

intercept: use already buffered response if possible when intercepting (#7028 )

2025-10-21 04:48:07 +00:00

logging: log_append Early option, Supports {http.response.body} (#7368 )

2025-12-16 23:42:42 -05:00

chore: Use slices package where possible (#6585 )

2024-09-25 14:30:56 -06:00

docs: expand proxy protocol docs (#6620 )

2024-10-10 16:21:26 -04:00

chore: Dumb prealloc lint fix (#7430 )

2026-01-13 14:13:43 -05:00

chore: ugh, lint fix... (#7275 )

2025-09-26 03:14:48 -04:00

forward_auth: copy_headers does not strip client-supplied identity headers (Fixes GHSA-7r4p-vjf4-gxv4) (#7545 )

2026-03-03 23:30:49 -05:00

chore: Dumb prealloc lint fix (#7430 )

2026-01-13 14:13:43 -05:00

caddyhttp: New experimental handler for intercepting responses (#6232 )

2024-05-13 17:38:18 +00:00

docs: add maybe template function documentation (#7388 )

2025-12-06 06:51:28 -05:00

tracing: Add span attributes to tracing module (#7269 )

2025-12-31 11:33:18 -07:00

app.go

caddyhttp: {http.request.body_base64} placeholder (#7367 )

2025-12-13 21:01:12 -07:00

autohttps.go

autohttps: Ensure CertMagic config is recreated after autohttps runs (#7510 )

2026-03-03 14:44:06 -07:00

caddyhttp_test.go

caddyhttp: Add test cases to corpus (#6374 )

2024-06-04 14:23:55 -06:00

caddyhttp.go

caddyhttp: Add MatchWithError to replace SetVar hack (#6596 )

2024-11-04 23:18:50 +00:00

celmatcher_test.go

use a more modern writing style to simplify code (#7182 )

2025-08-20 11:41:21 -06:00

celmatcher.go

chore: Add nolints to work around haywire linters (#7493 )

2026-02-17 16:52:54 -07:00

errors.go

use math/rand/v2 instead of math/rand (#7413 )

2026-02-11 09:15:51 -07:00

http2listener.go

caddyhttp: wrap accepted connection to suppress tls.ConnectionState (#7247 )

2025-10-16 03:13:40 +00:00

httpredirectlistener.go

httpredirectlistener: Only set read limit for when request is HTTP (#5917 )

2023-11-20 12:31:36 +00:00

invoke.go

caddyhttp: Implement named routes, invoke directive (#5107 )

2023-05-16 15:27:52 +00:00

ip_matchers.go

caddyhttp: refactor to use reflect.TypeFor (#7187 )

2025-08-18 17:08:46 -06:00

ip_range.go

Move PrivateRangesCIDR() back: add a pass-through function (#6514 )

2024-08-12 05:47:05 -04:00

logging.go

core: custom slog handlers for modules (log contextual data) (#7346 )

2025-11-12 13:29:47 -07:00

marshalers.go

caddyhttp: create a placeholder for and log ech status (#7328 )

2025-12-07 16:01:58 +00:00

matchers_test.go

Merge commit from fork

2026-03-04 09:08:39 -07:00

matchers.go

Merge commit from fork

2026-02-20 10:54:50 -07:00

metrics_test.go

caddyhttp: Collect metrics once per route instead of per handler (#7492 )

2026-03-03 15:15:55 -07:00

metrics.go

caddyhttp: Collect metrics once per route instead of per handler (#7492 )

2026-03-03 15:15:55 -07:00

replacer_test.go

caddyhttp: add replacer placeholders for escaped values (#7181 )

2025-08-25 09:07:51 -06:00

replacer.go

caddyhttp: Evaluate tls.client placeholders more accurately (fix #7530 ) (#7534 )

2026-02-28 22:03:18 -07:00

responsematchers_test.go

reverseproxy: Add handle_response blocks to reverse_proxy (#3710 ) (#4021 )

2021-05-02 12:39:06 -06:00

responsematchers.go

caddyhttp: Allow matching Transfer-Encoding, add to access logs (#6629 )

2024-12-20 11:16:34 -07:00

responsewriter_test.go

caddyhttp: Address some Go 1.20 features (#6252 )

2024-04-24 00:05:57 +00:00

responsewriter.go

caddyhttp: ResponseRecorder sets stream regardless of 1xx

2025-01-27 08:18:37 -07:00

routes.go

caddyhttp: Collect metrics once per route instead of per handler (#7492 )

2026-03-03 15:15:55 -07:00

server_test.go

caddyhttp: Add trusted_proxies_unix for trusting unix socket X-Forwarded-* headers (#7265 )

2025-10-16 02:47:32 +00:00

server.go

caddyhttp: Limit empty Host check to HTTP/1.1

2026-02-27 10:22:39 -07:00

staticerror.go

caddyhttp: run error (msg) through replacer (#6536 )

2024-08-22 11:32:44 -06:00

staticresp_test.go

Move from deprecated ioutil to os and io packages (#4364 )

2021-09-29 11:17:48 -06:00

staticresp.go

chore: Add nolints to work around haywire linters (#7493 )

2026-02-17 16:52:54 -07:00

subroute.go

reverseproxy: Enable changing only the status code (close #2920 )

2020-06-04 12:06:38 -06:00

vars.go

Merge commit from fork

2026-03-04 09:08:39 -07:00