Minor fixes 1 12 0

README.md

@@ -93,12 +93,12 @@ Use Go's regexp syntax to create the patterns for these parameters. To avoid ins
 Examples (command-line):
 + `'-allowGET=/v1\..{1,2}/(version|containers/.*|events.*)'` could be used for allowing access to the docker socket for Traefik v2.
 + `'-allowHEAD=.*'` allows all HEAD requests.
-+ `'-allowGET=/version -allowGET=/_ping'` use allow `GET` multiple times
++ `'-allowGET=/version -allowGET=/_ping'` supports using `-allowGET` multiple times
 
 Examples (env variables):
 + `'SP_ALLOW_GET="/v1\..{1,2}/(version|containers/.*|events.*)"'` could be used for allowing access to the docker socket for Traefik v2.
 + `'SP_ALLOW_HEAD=".*"'` allows all HEAD requests.
-+ `'SP_ALLOW_GET="/version" SP_ALLOW_GET_2="/_ping"'` use allow `GET` multiple times
++ `'SP_ALLOW_GET="/version" SP_ALLOW_GET_2="/_ping"'` supports multiple `SP_ALLOW_GET` entries
 
 For more information, refer to the [Go regexp documentation](https://golang.org/pkg/regexp/syntax/).
 
@@ -107,7 +107,7 @@ An excellent online regexp tester is [regex101.com](https://regex101.com/).
 To determine which HTTP requests your client application uses, you could switch socket-proxy to debug log level and look at the log output while allowing all requests in a secure environment.
 
 > [!NOTE]
-> Starting with version 1.12.0, the socket-proxy can set multiple -allow* in params, environment, or docker labels.
+> Starting with version 1.12.0, the socket-proxy supports using multiple -allow* entries in params, environment, or docker labels.
 
 #### Setting up bind mount restrictions
 

internal/config/config.go

@@ -690,12 +690,8 @@ func extractLabelData(cntr container.Summary) (map[string][]*regexp.Regexp, []st
 	for labelName, labelValue := range cntr.Labels {
 		if strings.HasPrefix(labelName, allowedDockerLabelPrefix) && labelValue != "" {
 			allowSpec := strings.ToUpper(strings.TrimPrefix(labelName, allowedDockerLabelPrefix))
-			if slices.ContainsFunc(supportedHTTPMethods, func(method string) bool {
-				// allowSpec starts with the method name like  socket-proxy.allow.get.1
-				return strings.HasPrefix(allowSpec, method)
-			}) {
-				// extract the method name from allowSpec
-				method, _, _ := strings.Cut(allowSpec, ".")
+			method, _, _ := strings.Cut(allowSpec, ".")
+			if slices.Contains(supportedHTTPMethods, method) {
 				r, err := compileRegexp(labelValue, method, "docker container label")
 				if err != nil {
 					return nil, nil, err

internal/config/config_test.go

@@ -6,6 +6,7 @@ import (
 	"os"
 	"reflect"
 	"regexp"
+	"sort"
 	"strconv"
 	"testing"
 
@@ -108,8 +109,18 @@ func regexMapsEqual(a, b map[string][]*regexp.Regexp) bool {
 		if !ok || len(aRegexes) != len(bRegexes) {
 			return false
 		}
-		for i, ar := range aRegexes {
-			if ar.String() != bRegexes[i].String() {
+		aRegexStrings := make([]string, 0, len(aRegexes))
+		for _, ar := range aRegexes {
+			aRegexStrings = append(aRegexStrings, ar.String())
+		}
+		bRegexStrings := make([]string, 0, len(bRegexes))
+		for _, br := range bRegexes {
+			bRegexStrings = append(bRegexStrings, br.String())
+		}
+		sort.Strings(aRegexStrings)
+		sort.Strings(bRegexStrings)
+		for i, ar := range aRegexStrings {
+			if ar != bRegexStrings[i] {
 				return false
 			}
 		}