hub / github.com/caddyserver/caddy / enforcementHandler

Method enforcementHandler

modules/caddyhttp/server.go:524–543

enforcementHandler is an implicit middleware which performs standard checks before executing the HTTP middleware chain.

(w http.ResponseWriter, r *http.Request, next Handler)

Source from the content-addressed store, hash-verified

// enforcementHandler is an implicit middleware which performs
// standard checks before executing the HTTP middleware chain.
func (s *Server) enforcementHandler(w http.ResponseWriter, r *http.Request, next Handler) error {
	// enforce strict host matching, which ensures that the SNI
	// value (if any), matches the Host header; essential for
	// servers that rely on TLS ClientAuth sharing a listener
	// with servers that do not; if not enforced, client could
	// bypass by sending benign SNI then restricted Host header
	if s.StrictSNIHost != nil && *s.StrictSNIHost && r.TLS != nil {
		hostname, _, err := net.SplitHostPort(r.Host)
		if err != nil {
			hostname = r.Host // OK; probably lacked port
		}
		if !strings.EqualFold(r.TLS.ServerName, hostname) {
			err := fmt.Errorf("strict host matching: TLS ServerName (%s) and HTTP Host (%s) values differ",
				r.TLS.ServerName, hostname)
			r.Close = true
			return Error(http.StatusMisdirectedRequest, err)
		}
	}
	return next.ServeHTTP(w, r)
}

// listenersUseAnyPortOtherThan returns true if there are any
// listeners in s that use a port which is not otherPort.

Callers 1

wrapPrimaryRoute (Method) · 0.95

Calls 2

Error (Function) · 0.70
ServeHTTP (Method) · 0.65

Tested by

no test coverage detected