use consistent hidden domain matching everywhere

Snawoot · Snawoot · commit bf0f5c1d2041 · 2026-03-22T22:18:20.000+02:00
diff --git a/auth/hmac.go b/auth/hmac.go
@@ -127,7 +127,7 @@ func (auth *HMACAuth) Validate(ctx context.Context, wr http.ResponseWriter, req
 
 	if VerifyHMACLoginAndPassword(auth.secret, login, password) {
 		if auth.hiddenDomain != "" &&
-			(req.Host == auth.hiddenDomain || req.URL.Host == auth.hiddenDomain) {
+			(matchHiddenDomain(req.Host, auth.hiddenDomain) || matchHiddenDomain(req.URL.Host, auth.hiddenDomain)) {
 			wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_TRIGGERED_MSG))))
 			wr.Header().Set("Pragma", "no-cache")
 			wr.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
diff --git a/auth/redis.go b/auth/redis.go
@@ -120,7 +120,7 @@ func (auth *RedisAuth) Validate(ctx context.Context, wr http.ResponseWriter, req
 
 	if matcher.MatchesPassword(password) {
 		if auth.hiddenDomain != "" &&
-			(req.Host == auth.hiddenDomain || req.URL.Host == auth.hiddenDomain) {
+			(matchHiddenDomain(req.Host, auth.hiddenDomain) || matchHiddenDomain(req.URL.Host, auth.hiddenDomain)) {
 			wr.Header().Set("Content-Length", strconv.Itoa(len([]byte(AUTH_TRIGGERED_MSG))))
 			wr.Header().Set("Pragma", "no-cache")
 			wr.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
