* chore: ugh, lint fix...
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* more lint fixes
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
`pflag.GetStringSlice` treats commas as delimiters, which causes issues
when passing headers whose values contain commas (`X-Robots-Tag:
noindex, nofollow`). These are incorrectly split into multiple headers
and errors out:
- `X-Robots-Tag: noindex`
- ` nofollow`
Switch to `pflag.GetStringArray`, which does not split on commas[1].
Note that this changes behavior for cases where multiple headers were
provided in a single argument with commas (`--header-down "X-Foo:
Bar,X-Bar: Foo"`). Such cases will now be treated as a single header
value. If this breaking change is unacceptable, we will need a smarter
fallback mechanism.
[1] https://github.com/spf13/pflag/pull/90
* set Content-Length for precompressed files
* Update modules/caddyhttp/fileserver/staticfiles.go
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* use the new http.Protocols to handle h1, h2 and h2c requests
* fix lint
* keep ConnCtxKey for now
* fix handling for h2c
* check http version while reading the connection
* check if connection implements connectionStater when it should
* add comments about either h1 or h2 must be used in the listener
* fix if check
* return a net.Conn that implements connectionStater if applicable
* remove http/1.1 from alpn if h1 is disabled
* fix matching if only h1 is enabled
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* http: clean up listeners if some of the listeners fail to bind
* check for nil server due to failure to start
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* feat: add bcrypt cost parameter to hash-password
* revert: typos
* refactor: take the cost out of interface
* fix: default bcrypt cost to 14
* fix: follow bcrypt library for min and max cost
* doc: mention defaultBcryptCost in cost parameter description
* chore: gci format
* fix: more specific bcrypt cost algorithm flag
* feat: bcrypt cost provisioning
* Revert "feat: bcrypt cost provisioning"
This reverts commit e09d4bd036.
* chore: gci format
* chore: gci format
* chore: gci format
* chore: golangcilint fmted
---------
Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* fix: resolve http.request placeholders in header directive find operation
- Skip regex compilation during provision when placeholders are detected
- Compile regex at runtime after placeholder replacement
- Preserves performance for static regexes while enabling dynamic placeholders
- Fixes#7109
* test: add tests for placeholder detection in header replacements
- Test containsPlaceholders function edge cases
- Test provision skips compilation for dynamic regexes
- Test end-to-end placeholder replacement functionality
* client_auth: wire up leaf verifier Caddyfile
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* review feedback + tests
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* chore: upgrade .golangci.yml and workflow to v2
run `golangci-lint fmt`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* run `golangci-lint run --fix`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* more lint fixes
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* bring back comments to .golangci.yml
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* appease the linter some more
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* oops
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* use embedded structs
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* use embedded structs where they were used before
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* disable rule `-QF1006`
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* missed a spot
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* caddytls: Prefer managed wildcard certs over individual subdomain certs
* Repurpose force_automate as no_wildcard
* Fix a couple bugs
* Restore force_automate and use automate loader as wildcard override
