From ddec1838b39a1b61432db4e78f2e752f27c3c769 Mon Sep 17 00:00:00 2001 From: Mohammed Al Sahaf Date: Sat, 1 Nov 2025 18:29:55 +0300 Subject: [PATCH 1/3] caddytls: correct documentation of `LeafFolderLoader` (#7327) * caddytls: correct documentation of `LeafFolderLoader` Signed-off-by: Mohammed Al Sahaf * fmt... Signed-off-by: Mohammed Al Sahaf --------- Signed-off-by: Mohammed Al Sahaf --- modules/caddytls/leaffolderloader.go | 4 ++-- modules/logging/filters_test.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/caddytls/leaffolderloader.go b/modules/caddytls/leaffolderloader.go index 20f5aa82c..fe5e9e244 100644 --- a/modules/caddytls/leaffolderloader.go +++ b/modules/caddytls/leaffolderloader.go @@ -29,9 +29,9 @@ func init() { caddy.RegisterModule(LeafFolderLoader{}) } -// LeafFolderLoader loads certificates and their associated keys from disk +// LeafFolderLoader loads certificates from disk // by recursively walking the specified directories, looking for PEM -// files which contain both a certificate and a key. +// files which contain a certificate. type LeafFolderLoader struct { Folders []string `json:"folders,omitempty"` } diff --git a/modules/logging/filters_test.go b/modules/logging/filters_test.go index 42aa29757..cf35e7178 100644 --- a/modules/logging/filters_test.go +++ b/modules/logging/filters_test.go @@ -404,12 +404,12 @@ func TestMultiRegexpFilterInputSizeLimit(t *testing.T) { // Test with very large input (should be truncated) largeInput := strings.Repeat("test", 300000) // Creates ~1.2MB string out := f.Filter(zapcore.Field{String: largeInput}) - + // The input should be truncated to 1MB and still processed if len(out.String) > 1000000 { t.Fatalf("output string not truncated: length %d", len(out.String)) } - + // Should still contain replacements within the truncated portion if !strings.Contains(out.String, "REPLACED") { t.Fatalf("replacements not applied to truncated input") From 895b56063afcf8b94f4a2a785cbd7c2ac58dd162 Mon Sep 17 00:00:00 2001 From: Cooper de Nicola <47685358+cdenicola@users.noreply.github.com> Date: Sun, 2 Nov 2025 19:04:55 -0800 Subject: [PATCH 2/3] chore: fix golangci-lint error G602 in caddyhttp (#7334) --- modules/caddyhttp/reverseproxy/fastcgi/writer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/caddyhttp/reverseproxy/fastcgi/writer.go b/modules/caddyhttp/reverseproxy/fastcgi/writer.go index 3af00d9a1..225d8f5f8 100644 --- a/modules/caddyhttp/reverseproxy/fastcgi/writer.go +++ b/modules/caddyhttp/reverseproxy/fastcgi/writer.go @@ -112,7 +112,7 @@ func encodeSize(b []byte, size uint32) int { binary.BigEndian.PutUint32(b, size) return 4 } - b[0] = byte(size) + b[0] = byte(size) //nolint:gosec // false positive; b is made 8 bytes long, then this function is always called with b being at least 4 or 1 byte long return 1 } From 8285eba8426e3c75ed81d6a8c5cd6ec685430d47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 4 Nov 2025 05:00:27 +0100 Subject: [PATCH 3/3] caddyhttp: allow customizing the Server header (#7338) --- modules/caddyhttp/server.go | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/modules/caddyhttp/server.go b/modules/caddyhttp/server.go index ac30f4028..f4d362496 100644 --- a/modules/caddyhttp/server.go +++ b/modules/caddyhttp/server.go @@ -285,6 +285,11 @@ type Server struct { onStopFuncs []func(context.Context) error // TODO: Experimental (Nov. 2023) } +var ( + ServerHeader = "Caddy" + serverHeader = []string{ServerHeader} +) + // ServeHTTP is the entry point for all HTTP requests. func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { // If there are listener wrappers that process tls connections but don't return a *tls.Conn, this field will be nil. @@ -294,16 +299,14 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } - w.Header().Set("Server", "Caddy") + h := w.Header() + h["Server"] = serverHeader // advertise HTTP/3, if enabled - if s.h3server != nil { - if r.ProtoMajor < 3 { - err := s.h3server.SetQUICHeaders(w.Header()) - if err != nil { - if c := s.logger.Check(zapcore.ErrorLevel, "setting HTTP/3 Alt-Svc header"); c != nil { - c.Write(zap.Error(err)) - } + if s.h3server != nil && r.ProtoMajor < 3 { + if err := s.h3server.SetQUICHeaders(h); err != nil { + if c := s.logger.Check(zapcore.ErrorLevel, "setting HTTP/3 Alt-Svc header"); c != nil { + c.Write(zap.Error(err)) } } } @@ -328,9 +331,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { // enable full-duplex for HTTP/1, ensuring the entire // request body gets consumed before writing the response if s.EnableFullDuplex && r.ProtoMajor == 1 { - //nolint:bodyclose - err := http.NewResponseController(w).EnableFullDuplex() - if err != nil { + if err := http.NewResponseController(w).EnableFullDuplex(); err != nil { //nolint:bodyclose if c := s.logger.Check(zapcore.WarnLevel, "failed to enable full duplex"); c != nil { c.Write(zap.Error(err)) } @@ -417,8 +418,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { var fields []zapcore.Field if s.Errors != nil && len(s.Errors.Routes) > 0 { // execute user-defined error handling route - err2 := s.errorHandlerChain.ServeHTTP(w, r) - if err2 == nil { + if err2 := s.errorHandlerChain.ServeHTTP(w, r); err2 == nil { // user's error route handled the error response // successfully, so now just log the error for _, logger := range errLoggers {