🐛 bug: Handle Unix sockets explicitly in IsFromLocal()

[Copilot]

Description

Unix socket connections are inherently local—only processes on the same host can connect via Unix domain sockets. However, IsFromLocal() returned false for them because fasthttp.RemoteIP() returns 0.0.0.0 for Unix sockets, and 0.0.0.0.IsLoopback() returns false.

This PR adds explicit *net.UnixAddr handling to IsFromLocal(), consistent with IsProxyTrusted().

Changes introduced

• req.go: Added type check for *net.UnixAddr that returns true before the IP loopback check, with properly formatted inline comment
• ctx_test.go: Added test case verifying Unix socket connections return true, plus added defer app.ReleaseCtx(c) to all test blocks to prevent context leaks

// IsFromLocal will return true if request came from local.
func (r *DefaultReq) IsFromLocal() bool {
	// Unix sockets are inherently local - only processes on the same host can connect.
	remoteAddr := r.c.fasthttp.RemoteAddr()
	if _, ok := remoteAddr.(*net.UnixAddr); ok {
		return true
	}

	if ip := r.c.fasthttp.RemoteIP(); ip != nil {
		return ip.IsLoopback()
	}
	return false
}

• Benchmarks: No performance impact—added early return path for Unix sockets
• Documentation Update: N/A—behavioral fix, no API changes
• Changelog/What's New: Fixed IsFromLocal() returning false for Unix socket connections
• Migration Guide: N/A—transparent fix
• API Alignment with Express: N/A
• API Longevity: No API changes
• Examples: N/A

Type of change

• Code consistency (non-breaking change which improves code reliability and robustness)

Checklist

• Followed the inspiration of the Express.js framework for new functionalities, making them similar in usage.
• Conducted a self-review of the code and provided comments for complex or critical parts.
• Updated the documentation in the /docs/ directory for Fiber's documentation.
• Added or updated unit tests to validate the effectiveness of the changes or new features.
• Ensured that new and existing unit tests pass locally with the changes.
• Verified that any new dependencies are essential and have been agreed upon by the maintainers/community.
• Aimed for optimal performance with minimal allocations in the new code.
• Provided benchmarks for the new code to analyze and improve upon.

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• exampleretry.com
  • Triggering command: /tmp/go-build357287408/b307/client.test /tmp/go-build357287408/b307/client.test -test.paniconexit0 -test.v=test2json -test.timeout=10m0s -test.count=1 -test.shuffle=on /lto-wrapper ux-amd64/pkg/tool/linux_amd64/vet /home/REDACTED/go//home/REDACTED/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.25.0.linux-amd64/pkg/too/tmp/go-build357287408/b197/vet.cfg om/stretchr/objx-unsafeptr=false mpile ux-amd64/pkg/too/tmp/go-build357287408/b094/vet.cfg env _.a mpile ux-amd64/pkg/tool/linux_amd64/vet GOINSECURE GOMOD GOMODCACHE ux-amd64/pkg/too/tmp/go-build357287408/b250/vet.cfg (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.98%. Comparing base (90db3a8) to head (b9391b2).
⚠️ Report is 5 commits behind head on update-proxy-trust-logic-in-req.go.

Additional details and impacted files

@@                          Coverage Diff                           @@
##           update-proxy-trust-logic-in-req.go    #4090      +/-   ##
======================================================================
- Coverage                               91.03%   90.98%   -0.06%     
======================================================================
  Files                                     119      119              
  Lines                                   11317    11320       +3     
======================================================================
- Hits                                    10302    10299       -3     
- Misses                                    643      648       +5     
- Partials                                  372      373       +1     

Flag	Coverage Δ
unittests	90.98% <100.00%> (-0.06%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Fixes IsFromLocal() incorrectly returning false for Unix domain socket connections by explicitly treating *net.UnixAddr as local, aligning behavior with existing Unix-socket handling in IsProxyTrusted().

Changes:

• Add an early return in DefaultReq.IsFromLocal() when fasthttp.RemoteAddr() is a *net.UnixAddr.
• Add a unit test covering Unix socket remote addresses for Ctx.IsFromLocal().

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
req.go	Treat Unix domain socket remote addresses as inherently local in IsFromLocal() to avoid 0.0.0.0 loopback misclassification.
ctx_test.go	Add coverage ensuring Unix-socket-based remote addresses result in IsFromLocal() == true.

[gaby]

@copilot apply changes based on the comments in this thread