mirror/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-05-24 08:26:58 -04:00
Code Issues Packages Projects Releases Wiki Activity

Change CASE_SENSITIVE_PATH default to false

Browse Source 
A default of true is risky when protecting assets by matching base path.
It's not obvious that protecting /foo/ will allow /Foo/ through, and if
accessing static files on a case-insensitive file system... that's no
good. So the default is now to be case-INsensitive when matching paths.
This commit is contained in:
Matthew Holt
2017-10-08 22:19:35 -06:00
parent cccfe3b4ef
commit b0d9c058cc
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
caddyhttp/httpserver/middleware.go
View File

@@ -158,7 +158,7 @@ func SetLastModifiedHeader(w http.ResponseWriter, modTime time.Time) {
// CaseSensitivePath determines if paths should be case sensitive.
// This is configurable via CASE_SENSITIVE_PATH environment variable.
var CaseSensitivePath = true
var CaseSensitivePath = false
const caseSensitivePathEnv = "CASE_SENSITIVE_PATH"
@@ -167,10 +167,10 @@ const caseSensitivePathEnv = "CASE_SENSITIVE_PATH"
// This could have been in init, but init cannot be called from tests.
func initCaseSettings() {
switch os.Getenv(caseSensitivePathEnv) {
case "0", "false":
CaseSensitivePath = false
default:
case "1", "true":
CaseSensitivePath = true
default:
CaseSensitivePath = false
}
}