ipn/ipnlocal/serve: remove grant header truncation logic

Now that forwarded grants are filtered against the capabilities passed via the accept-app-caps argument, truncating the header should no longer be necessary.

Updates tailscale/corp/#28372

Signed-off-by: Gesa Stupperich <gesa@tailscale.com>
This commit is contained in:
Gesa Stupperich
2025-10-15 12:59:10 +01:00
committed by Gesa Stupperich
parent 576aacd459
commit d6fa899eba
8 changed files with 41 additions and 152 deletions
+1 -1
@@ -173,7 +173,7 @@ type serveEnv struct {
service tailcfg.ServiceName // service name
tun bool // redirect traffic to OS for service
allServices bool // apply config file to all services
userCaps []tailcfg.PeerCapability // user capabilities to forward
acceptAppCaps []tailcfg.PeerCapability // app capabilities to forward
lc localServeClient // localClient interface, specific to serve
// optional stuff for tests:
+8 -8
@@ -96,12 +96,12 @@ func (b *bgBoolFlag) String() string {
return strconv.FormatBool(b.Value)
}
type userCapsFlag struct {
type acceptAppCapsFlag struct {
Value *[]tailcfg.PeerCapability
}
// Set appends s to the list of userCaps.
func (u *userCapsFlag) Set(s string) error {
// Set appends s to the list of appCaps to accept.
func (u *acceptAppCapsFlag) Set(s string) error {
if s == "" {
return nil
}
@@ -109,8 +109,8 @@ func (u *userCapsFlag) Set(s string) error {
return nil
}
// String returns the string representation of the userCaps slice.
func (u *userCapsFlag) String() string {
// String returns the string representation of the slice of appCaps to accept.
func (u *acceptAppCapsFlag) String() string {
s := make([]string, len(*u.Value))
for i, v := range *u.Value {
s[i] = string(v)
@@ -221,7 +221,7 @@ func newServeV2Command(e *serveEnv, subcmd serveMode) *ffcli.Command {
fs.UintVar(&e.https, "https", 0, "Expose an HTTPS server at the specified port (default mode)")
if subcmd == serve {
fs.UintVar(&e.http, "http", 0, "Expose an HTTP server at the specified port")
fs.Var(&userCapsFlag{Value: &e.userCaps}, "usercaps", "User capability to forward to the server (can be specified multiple times)")
fs.Var(&acceptAppCapsFlag{Value: &e.acceptAppCaps}, "accept-app-caps", "App capability to forward to the server (can be specified multiple times)")
}
fs.UintVar(&e.tcp, "tcp", 0, "Expose a TCP forwarder to forward raw TCP packets at the specified port")
fs.UintVar(&e.tlsTerminatedTCP, "tls-terminated-tcp", 0, "Expose a TCP forwarder to forward TLS-terminated TCP packets at the specified port")
@@ -492,7 +492,7 @@ func (e *serveEnv) runServeCombined(subcmd serveMode) execFunc {
if len(args) > 0 {
target = args[0]
}
err = e.setServe(sc, dnsName, srvType, srvPort, mount, target, funnel, magicDNSSuffix, e.userCaps)
err = e.setServe(sc, dnsName, srvType, srvPort, mount, target, funnel, magicDNSSuffix, e.acceptAppCaps)
msg = e.messageForPort(sc, st, dnsName, srvType, srvPort)
}
if err != nil {
@@ -1141,7 +1141,7 @@ func (e *serveEnv) applyWebServe(sc *ipn.ServeConfig, dnsName string, srvPort ui
return err
}
h.Proxy = t
h.UserCaps = caps
h.AcceptAppCaps = caps
}
// TODO: validation needs to check nested foreground configs
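Review bot: The help text on the renamed flag, `fs.Var(&acceptAppCapsFlag{Value: &e.acceptAppCaps}, "accept-app-caps", ...)`, still says "App capability to forward to the server", which does not tell the operator that the list is an allowlist — per the commit description grants are now filtered against these capabilities, and with the header truncation removed that filter is what bounds which grants reach the upstream. I would spell that out: `"App capability whose grants are forwarded to the server; grants for capabilities not listed are dropped (can be specified multiple times)"`. Separately, the old `--usercaps` flag is removed with no deprecated alias, so existing scripts that pass it will fail flag parsing; if that break is intended it deserves a line in the commit description, otherwise registering the old name as a hidden alias onto the same `acceptAppCapsFlag` value would keep them working. newServeV2Command, runServeCombined and applyWebServe all start and end outside these hunks.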
+9 -9
@@ -861,42 +861,42 @@ func TestServeDevConfigMutations(t *testing.T) {
name: "forward_grant_header",
steps: []step{
{
command: cmd("serve --bg --usercaps=example.com/cap/foo 3000"),
command: cmd("serve --bg --accept-app-caps=example.com/cap/foo 3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {
Proxy: "http://127.0.0.1:3000",
UserCaps: []tailcfg.PeerCapability{"example.com/cap/foo"},
Proxy: "http://127.0.0.1:3000",
AcceptAppCaps: []tailcfg.PeerCapability{"example.com/cap/foo"},
},
}},
},
},
},
{
command: cmd("serve --bg --usercaps=example.com/cap/foo --usercaps=example.com/cap/bar 3000"),
command: cmd("serve --bg --accept-app-caps=example.com/cap/foo --accept-app-caps=example.com/cap/bar 3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {
Proxy: "http://127.0.0.1:3000",
UserCaps: []tailcfg.PeerCapability{"example.com/cap/foo", "example.com/cap/bar"},
Proxy: "http://127.0.0.1:3000",
AcceptAppCaps: []tailcfg.PeerCapability{"example.com/cap/foo", "example.com/cap/bar"},
},
}},
},
},
},
{
command: cmd("serve --bg --usercaps=example.com/cap/bar 3000"),
command: cmd("serve --bg --accept-app-caps=example.com/cap/bar 3000"),
want: &ipn.ServeConfig{
TCP: map[uint16]*ipn.TCPPortHandler{443: {HTTPS: true}},
Web: map[ipn.HostPort]*ipn.WebServerConfig{
"foo.test.ts.net:443": {Handlers: map[string]*ipn.HTTPHandler{
"/": {
Proxy: "http://127.0.0.1:3000",
UserCaps: []tailcfg.PeerCapability{"example.com/cap/bar"},
Proxy: "http://127.0.0.1:3000",
AcceptAppCaps: []tailcfg.PeerCapability{"example.com/cap/bar"},
},
}},
},