be/int/web/reception/browser: fixes canonicalization methods for methods and headers are mixed

ufukty · ufukty · commit 6b977fce9d25 · 2025-12-12T18:34:34.000+03:00
diff --git a/backend/internal/web/reception/browser/matcher.go b/backend/internal/web/reception/browser/matcher.go
@@ -2,6 +2,7 @@ package browser
 
 import (
 	"maps"
+	"net/http"
 	"slices"
 	"strings"
 )
@@ -11,10 +12,10 @@ type allowance struct {
 	headers map[string]any
 }
 
-func lookup(ss []string) map[string]any {
+func lookup(ss []string, canonicalize func(string) string) map[string]any {
 	us := make(map[string]any, len(ss))
 	for _, s := range ss {
-		us[strings.ToLower(s)] = nil
+		us[canonicalize(s)] = nil
 	}
 	return us
 }
@@ -24,13 +25,13 @@ func has[K comparable, V any](m map[K]V, k K) bool {
 	return ok
 }
 
-func contains(asked string, allowed map[string]any) bool {
-	return has(allowed, strings.ToLower(asked))
+func contains(asked string, allowed map[string]any, canonicalize func(string) string) bool {
+	return has(allowed, canonicalize(asked))
 }
 
-func containsAll(asked []string, allowed map[string]any) bool {
+func containsAll(asked []string, allowed map[string]any, canonicalize func(string) string) bool {
 	for _, a := range asked {
-		if !contains(a, allowed) {
+		if !contains(a, allowed, canonicalize) {
 			return false
 		}
 	}
@@ -54,8 +55,8 @@ func NewMatcher(origin, path StringMatcher, allowedmethods, allowedheaders []str
 		origin: origin,
 		path:   path,
 		allowance: &allowance{
-			methods: lookup(allowedmethods),
-			headers: lookup(allowedheaders),
+			methods: lookup(allowedmethods, strings.ToLower),
+			headers: lookup(allowedheaders, http.CanonicalHeaderKey),
 		},
 	}
 }
@@ -72,10 +73,10 @@ func (m Matcher) Match(origin, method, path string, headers []string) *Scope {
 	if !m.origin.MatchString(origin) || !m.path.MatchString(path) {
 		return nil
 	}
-	if !contains(method, m.allowance.methods) {
+	if !contains(method, m.allowance.methods, strings.ToLower) {
 		return nil
 	}
-	if !containsAll(headers, m.allowance.headers) {
+	if !containsAll(headers, m.allowance.headers, http.CanonicalHeaderKey) {
 		return nil
 	}
 	return &Scope{

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@ package browser`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"maps"`
	`5`	`+ "net/http"`
`5`	`6`	`"slices"`
`6`	`7`	`"strings"`
`7`	`8`	`)`
`@@ -11,10 +12,10 @@ type allowance struct {`
`11`	`12`	`headers map[string]any`
`12`	`13`	`}`
`13`	`14`
`14`		`-func lookup(ss []string) map[string]any {`
	`15`	`+func lookup(ss []string, canonicalize func(string) string) map[string]any {`
`15`	`16`	`us := make(map[string]any, len(ss))`
`16`	`17`	`for _, s := range ss {`
`17`		`- us[strings.ToLower(s)] = nil`
	`18`	`+ us[canonicalize(s)] = nil`
`18`	`19`	`}`
`19`	`20`	`return us`
`20`	`21`	`}`
`@@ -24,13 +25,13 @@ func has[K comparable, V any](m map[K]V, k K) bool {`
`24`	`25`	`return ok`
`25`	`26`	`}`
`26`	`27`
`27`		`-func contains(asked string, allowed map[string]any) bool {`
`28`		`- return has(allowed, strings.ToLower(asked))`
	`28`	`+func contains(asked string, allowed map[string]any, canonicalize func(string) string) bool {`
	`29`	`+ return has(allowed, canonicalize(asked))`
`29`	`30`	`}`
`30`	`31`
`31`		`-func containsAll(asked []string, allowed map[string]any) bool {`
	`32`	`+func containsAll(asked []string, allowed map[string]any, canonicalize func(string) string) bool {`
`32`	`33`	`for _, a := range asked {`
`33`		`- if !contains(a, allowed) {`
	`34`	`+ if !contains(a, allowed, canonicalize) {`
`34`	`35`	`return false`
`35`	`36`	`}`
`36`	`37`	`}`
`@@ -54,8 +55,8 @@ func NewMatcher(origin, path StringMatcher, allowedmethods, allowedheaders []str`
`54`	`55`	`origin: origin,`
`55`	`56`	`path: path,`
`56`	`57`	`allowance: &allowance{`
`57`		`- methods: lookup(allowedmethods),`
`58`		`- headers: lookup(allowedheaders),`
	`58`	`+ methods: lookup(allowedmethods, strings.ToLower),`
	`59`	`+ headers: lookup(allowedheaders, http.CanonicalHeaderKey),`
`59`	`60`	`},`
`60`	`61`	`}`
`61`	`62`	`}`
`@@ -72,10 +73,10 @@ func (m Matcher) Match(origin, method, path string, headers []string) *Scope {`
`72`	`73`	`if !m.origin.MatchString(origin) \|\| !m.path.MatchString(path) {`
`73`	`74`	`return nil`
`74`	`75`	`}`
`75`		`- if !contains(method, m.allowance.methods) {`
	`76`	`+ if !contains(method, m.allowance.methods, strings.ToLower) {`
`76`	`77`	`return nil`
`77`	`78`	`}`
`78`		`- if !containsAll(headers, m.allowance.headers) {`
	`79`	`+ if !containsAll(headers, m.allowance.headers, http.CanonicalHeaderKey) {`
`79`	`80`	`return nil`
`80`	`81`	`}`
`81`	`82`	`return &Scope{`