Necessary as otherwise the early-bail in `until =
strings.IndexByte(remaining, nextCh) ... if until == -1` can cause a
case-insensitive mismatch
Co-authored-by: Asim Viladi Oglu Manizada <manizada@users.noreply.github.com>
Normalize exact hosts at provisioning and reqHost in the fast path so case-different Host variants can’t bypass host-gated routes.
Co-authored-by: Asim Viladi Oglu Manizada <manizada@users.noreply.github.com>
* refactor: use strings.Builder to improve performance
Signed-off-by: zjumathcode <pai314159@2980.com>
* refactor: small builder improvements per review (WriteByte / split writes)
also revert builder change in client_test.go
refactor(logging): build IP mask output via join of parts (more efficient)
---------
Signed-off-by: zjumathcode <pai314159@2980.com>
Co-authored-by: Francis Lavoie <lavofr@gmail.com>
When a request arrives via a Unix domain socket (RemoteAddr == "@"),
net.SplitHostPort fails, causing addForwardedHeaders to strip all
X-Forwarded-* headers even when the connection is trusted via
trusted_proxies_unix.
Handle Unix socket connections before parsing RemoteAddr: if untrusted,
strip headers for security; if trusted, let clientIP remain empty (no
peer IP for a Unix socket hop) and fall through to the shared header
logic, preserving the existing XFF chain without appending a spurious
entry.
Amp-Thread-ID: https://ampcode.com/threads/T-019c4225-a0ad-7283-ac56-e2c01eae1103
Co-authored-by: Amp <amp@ampcode.com>
* caddyfile: add `observe_catchall_hosts` option
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* correct JSON field name and doc comment
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
---------
Signed-off-by: Mohammed Al Sahaf <msaa1990@gmail.com>
* WIP tracing span attributes
* better test
* only write attributes after other middleware (and request)
* Fix test to use header response placeholders
* packet_conn_wrappers: Initial changes
* packet_conn_wrappers: Unwrap a packet conn only if there are no wrappers
---------
Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
* capture the buffered body once, then reset clonedReq.Body before each retry
* no copy
* keep receiver name
* set the buf to nil after extraction and only return it to pool if not nil
---------
Co-authored-by: WeidiDeng <weidi_deng@icloud.com>
