author | Matt Holt <mholt@users.noreply.github.com> | 2022-10-12 09:27:08 -0600 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-10-12 09:27:08 -0600 |
commit | 3e1fd2a8d4d1463574033fbbdf5c27a693f9a86c (patch) | |
tree | d1d1390daf7339278bd4aedeb5bbb2ee9fba0242 /caddyconfig/httpcaddyfile | |
parent | 33f60da9f2d6edc5de550275f043c4262d23f6ca (diff) |
httpcaddyfile: Wrap site block in subroute if host matcher used (#5130)
* httpcaddyfile: Wrap site block in subroute if host matcher used (fix #5124)
* Correct boolean logic (oops)
Diffstat (limited to 'caddyconfig/httpcaddyfile')
-rw-r--r-- | caddyconfig/httpcaddyfile/httptype.go | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/httptype.go b/caddyconfig/httpcaddyfile/httptype.go
index c220c06..77f990b 100644
--- a/caddyconfig/httpcaddyfile/httptype.go
+++ b/caddyconfig/httpcaddyfile/httptype.go
@@ -907,11 +907,32 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList,
 return routeList
 }
 
+ // No need to wrap the handlers in a subroute if this is the only server block
+ // and there is no matcher for it (doing so would produce unnecessarily nested
+ // JSON), *unless* there is a host matcher within this site block; if so, then
+ // we still need to wrap in a subroute because otherwise the host matcher from
+ // the inside of the site block would be a top-level host matcher, which is
+ // subject to auto-HTTPS (cert management), and using a host matcher within
+ // a site block is a valid, common pattern for excluding domains from cert
+ // management, leading to unexpected behavior; see issue #5124.
+ wrapInSubroute := true
 if len(matcherSetsEnc) == 0 && len(p.serverBlocks) == 1 {
- // no need to wrap the handlers in a subroute if this is
- // the only server block and there is no matcher for it
- routeList = append(routeList, subroute.Routes...)
- } else {
+ var hasHostMatcher bool
+ outer:
+ for _, route := range subroute.Routes {
+ for _, ms := range route.MatcherSetsRaw {
+ for matcherName := range ms {
+ if matcherName == "host" {
+ hasHostMatcher = true
+ break outer
+ }
+ }
+ }
+ }
+ wrapInSubroute = hasHostMatcher
+ }
+
+ if wrapInSubroute {
 route := caddyhttp.Route{
 // the semantics of a site block in the Caddyfile dictate
 // that only the first matching one is evaluated, since
@@ -929,7 +950,10 @@ func appendSubrouteToRouteList(routeList caddyhttp.RouteList,
 if len(route.MatcherSetsRaw) > 0 || len(route.HandlersRaw) > 0 {
 routeList = append(routeList, route)
 }
+ } else {
+ routeList = append(routeList, subroute.Routes...)
 }
+
 return routeList
 } |
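Review bot: The host-matcher scan added under `len(matcherSetsEnc) == 0 && len(p.serverBlocks) == 1` ranges over every key of each matcher set just to compare it with "host"; if `ms` is a map keyed by matcher name, as ranging over its keys suggests, the two lines `for matcherName := range ms {` and `if matcherName == "host" {` can become the single lookup `if _, ok := ms["host"]; ok {`, dropping one closing brace. Per the added comment, this scan decides whether a hostname named inside a site block ends up subject to certificate management, and it inspects only the matcher sets directly on `subroute.Routes`. A short comment above `outer:` would record that this scope is intended, for example `// only matcher sets on these routes would become top-level when flattened; nested handlers are not inspected`. A Caddyfile adapt test for the #5124 case (a single site block with no address matcher and a `host` matcher inside it) would pin the behaviour; the diffstat shown is limited to this directory, so I cannot tell whether one was added. The body of appendSubrouteToRouteList starts above this hunk and continues into the next one.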