Skip to content

Commit 4d376d5

Browse files
creachadaircreachadair
committed
revproxy: simplify the rules for host matching
Remove the wildcard matches, since we do not issue wildcard certs. We could do so, but that way lies madness. Do it if we need to, but later.
1 parent 5c08906 commit 4d376d5

File tree

2 files changed

+5
-43
lines changed

2 files changed

+5
-43
lines changed

revproxy/internal_test.go

Lines changed: 0 additions & 26 deletions
This file was deleted.

revproxy/revproxy.go

Lines changed: 5 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ import (
4545
// Cache-Control does not include "no-store", and does include "immutable".
4646
//
4747
// In addition, a successful response that is not immutable and specifies a
48-
// max-age will be cached temporarily in-memory, up to the maximum of 1h.
48+
// max-age will be cached temporarily in-memory.
4949
//
5050
// # Cache Format
5151
//
@@ -67,10 +67,7 @@ import (
6767
// the storage key of the cache object.
6868
type Server struct {
6969
// Targets is the list of hosts for which the proxy should forward requests.
70-
//
71-
// Each target is either a hostname ("host.domain.com"), which matches
72-
// hostnames exactly, or a pattern of the form "*.domain.com" which matches
73-
// hostnames like "domain.com" and "something.domain.com".
70+
// Host names should be fully-qualified ("host.example.com").
7471
Targets []string
7572

7673
// Local is the path of a local cache directory where responses are cached.
@@ -149,8 +146,8 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
149146
s.reqReceived.Add(1)
150147

151148
// Check whether this request is to a target we are permitted to proxy for.
152-
if !hostMatchesTarget(r.URL.Host, s.Targets) {
153-
s.logf("reject proxy request for non-target %q", r.URL)
149+
if !hostMatchesTarget(r.Host, s.Targets) {
150+
s.logf("reject proxy request for non-target %q", r.Host)
154151
http.Error(w, http.StatusText(http.StatusBadGateway), http.StatusBadGateway)
155152
return
156153
}
@@ -273,16 +270,7 @@ func (s *Server) logf(msg string, args ...any) {
273270
}
274271

275272
func hostMatchesTarget(host string, targets []string) bool {
276-
return slices.ContainsFunc(targets, func(s string) bool {
277-
if s == host {
278-
return true
279-
} else if tail, ok := strings.CutPrefix(s, "*"); ok {
280-
if strings.HasSuffix(host, tail) || host == strings.TrimPrefix(tail, ".") {
281-
return true
282-
}
283-
}
284-
return false
285-
})
273+
return slices.Contains(targets, host)
286274
}
287275

288276
// canCacheRequest reports whether r is a request whose response can be cached.

0 commit comments

Comments
 (0)