aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMatthew Holt <[email protected]>2017-10-08 22:19:35 -0600
committerMatthew Holt <[email protected]>2017-10-08 22:19:35 -0600
commitb0d9c058cc72183d5204f648459f6f77953a5a77 (patch)
tree479f28c0fc71893d8d1b3543ea4458c17963cf27
parentcccfe3b4efb45b443dcbef9ab26a4ec4ffb46eab (diff)
downloadcaddy-b0d9c058cc72183d5204f648459f6f77953a5a77.tar.gz
caddy-b0d9c058cc72183d5204f648459f6f77953a5a77.zip
Change CASE_SENSITIVE_PATH default to false
A default of true is risky when protecting assets by matching base path. It's not obvious that protecting /foo/ will allow /Foo/ through, and if accessing static files on a case-insensitive file system... that's no good. So the default is now to be case-INsensitive when matching paths.
-rw-r--r--caddyhttp/httpserver/middleware.go8
-rw-r--r--caddyhttp/httpserver/middleware_test.go2
2 files changed, 5 insertions, 5 deletions
diff --git a/caddyhttp/httpserver/middleware.go b/caddyhttp/httpserver/middleware.go
index c54246659..a754e77ce 100644
--- a/caddyhttp/httpserver/middleware.go
+++ b/caddyhttp/httpserver/middleware.go
@@ -158,7 +158,7 @@ func SetLastModifiedHeader(w http.ResponseWriter, modTime time.Time) {
// CaseSensitivePath determines if paths should be case sensitive.
// This is configurable via CASE_SENSITIVE_PATH environment variable.
-var CaseSensitivePath = true
+var CaseSensitivePath = false
const caseSensitivePathEnv = "CASE_SENSITIVE_PATH"
@@ -167,10 +167,10 @@ const caseSensitivePathEnv = "CASE_SENSITIVE_PATH"
// This could have been in init, but init cannot be called from tests.
func initCaseSettings() {
switch os.Getenv(caseSensitivePathEnv) {
- case "0", "false":
- CaseSensitivePath = false
- default:
+ case "1", "true":
CaseSensitivePath = true
+ default:
+ CaseSensitivePath = false
}
}
diff --git a/caddyhttp/httpserver/middleware_test.go b/caddyhttp/httpserver/middleware_test.go
index b8b73e144..19638ca48 100644
--- a/caddyhttp/httpserver/middleware_test.go
+++ b/caddyhttp/httpserver/middleware_test.go
@@ -59,7 +59,7 @@ func TestPathCaseSensitiveEnv(t *testing.T) {
{"0", false},
{"false", false},
{"true", true},
- {"", true},
+ {"", false},
}
for i, test := range tests {