From 4fc570711e170da2bd1164966d2c47f9dc3d3d6d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Tue, 17 Nov 2020 11:29:43 -0700 Subject: [PATCH] caddyhttp: Fix header matcher when using nil Uncovered in #3807 --- modules/caddyhttp/matchers.go | 4 ++++ modules/caddyhttp/matchers_test.go | 10 ++++++++++ 2 files changed, 14 insertions(+) diff --git a/modules/caddyhttp/matchers.go b/modules/caddyhttp/matchers.go index b7a304f622d..d641cb68dea 100644 --- a/modules/caddyhttp/matchers.go +++ b/modules/caddyhttp/matchers.go @@ -445,6 +445,10 @@ func matchHeaders(input, against http.Header, host string) bool { // match if the header field exists at all continue } + if allowedFieldVals == nil && actualFieldVals == nil { + // a nil list means match if the header does not exist at all + continue + } var match bool fieldVals: for _, actualFieldVal := range actualFieldVals { diff --git a/modules/caddyhttp/matchers_test.go b/modules/caddyhttp/matchers_test.go index 9a2836de5f4..51db67d885b 100644 --- a/modules/caddyhttp/matchers_test.go +++ b/modules/caddyhttp/matchers_test.go @@ -480,6 +480,16 @@ func TestHeaderMatcher(t *testing.T) { host: "caddyserver.com", expect: false, }, + { + match: MatchHeader{"Must-Not-Exist": nil}, + input: http.Header{}, + expect: true, + }, + { + match: MatchHeader{"Must-Not-Exist": nil}, + input: http.Header{"Must-Not-Exist": []string{"do not match"}}, + expect: false, + }, } { req := &http.Request{Header: tc.input, Host: tc.host} actual := tc.match.Match(req)