From d49f762f6d9cdc2e92e8de40f0b0e99a9d0c4fc9 Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Fri, 21 Jun 2019 14:36:26 -0600 Subject: Various bug fixes and minor improvements - Fix static responder so it doesn't replace its own headers config, and instead replaces the actual response header values - caddyhttp.ResponseRecorder type optionally buffers response - Add interface guards to ensure regexp matchers get provisioned - Use default HTTP port if one is not explicitly set - Encode middleware writes status code 200 if not written upstream - Templates and markdown only try to execute on text responses - Static file server sets Content-Type based on file extension only (this whole thing -- MIME sniffing, etc -- needs more configurability) --- modules/caddyhttp/fileserver/browse.go | 1 + modules/caddyhttp/fileserver/staticfiles.go | 14 +++++++++++--- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'modules/caddyhttp/fileserver') diff --git a/modules/caddyhttp/fileserver/browse.go b/modules/caddyhttp/fileserver/browse.go index 1329541..5dda294 100644 --- a/modules/caddyhttp/fileserver/browse.go +++ b/modules/caddyhttp/fileserver/browse.go @@ -66,6 +66,7 @@ func (fsrv *FileServer) serveBrowse(dirPath string, w http.ResponseWriter, r *ht } w.Header().Set("Content-Type", "text/html; charset=utf-8") } + buf.WriteTo(w) return nil diff --git a/modules/caddyhttp/fileserver/staticfiles.go b/modules/caddyhttp/fileserver/staticfiles.go index 080e1a8..49c2be4 100644 --- a/modules/caddyhttp/fileserver/staticfiles.go +++ b/modules/caddyhttp/fileserver/staticfiles.go @@ -4,6 +4,7 @@ import ( "fmt" "html/template" weakrand "math/rand" + "mime" "net/http" "os" "path" @@ -185,14 +186,21 @@ func (fsrv *FileServer) ServeHTTP(w http.ResponseWriter, r *http.Request) error // TODO: Etag - // do not allow Go to sniff the content-type if w.Header().Get("Content-Type") == "" { - w.Header()["Content-Type"] = nil + mtyp := mime.TypeByExtension(filepath.Ext(filename)) + if mtyp == "" { + // do not allow Go to sniff the content-type; see + // https://www.youtube.com/watch?v=8t8JYpt0egE + // TODO: Consider writing a default mime type of application/octet-stream - this is secure but violates spec + w.Header()["Content-Type"] = nil + } else { + w.Header().Set("Content-Type", mtyp) + } } // let the standard library do what it does best; note, however, // that errors generated by ServeContent are written immediately - // to the response, so we cannot handle them (but errors here + // to the response, so we cannot handle them (but errors there // are rare) http.ServeContent(w, r, info.Name(), info.ModTime(), file) -- cgit v1.2.3