fix(webicached): use hardened httpclient for upstream API calls

Replaces the inline &http.Client{Timeout: 30s} with httpclient.New(),
which enforces TLS 1.2+, per-level timeouts, no HTTPS→HTTP redirect
downgrade, connection pooling, and automatic retry with backoff.

The delayTransport (page-delay flag) now wraps httpclient's transport
instead of http.DefaultTransport, preserving all security properties.
AJ ONeal
2026-05-16 20:58:14 -06:00
parent f638a25529
commit 1e499ed6c8
2 changed files with 157 additions and 2 deletions


@@ -35,6 +35,7 @@ import (
"github.com/joho/godotenv"
"github.com/webinstall/webi-installers/internal/classifypkg"
"github.com/webinstall/webi-installers/internal/httpclient"
"github.com/webinstall/webi-installers/internal/installerconf"
"github.com/webinstall/webi-installers/internal/rawcache"
"github.com/webinstall/webi-installers/internal/releases/chromedist"
@@ -166,10 +167,10 @@ func main() {
auth = &githubish.Auth{Token: cfg.token}
}
client := &http.Client{Timeout: 30 * time.Second}
client := httpclient.New()
if cfg.pageDelay > 0 {
client.Transport = &delayTransport{
base: http.DefaultTransport,
base: client.Transport,
delay: cfg.pageDelay,
}
}
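Review bot: `base: client.Transport` in the `cfg.pageDelay > 0` branch assumes `httpclient.New()` always returns a client with a non-nil `Transport`; that constructor is not visible here, and a nil value would leave `delayTransport` with no base or, if it falls back to `http.DefaultTransport`, quietly without the TLS 1.2+ and timeout settings the commit message relies on. A guard before the wrap would make that case fail at startup instead, e.g. `if client.Transport == nil { log.Fatal("httpclient.New returned a client without a transport") }` (or whatever fatal-exit path main already uses). With the explicit 30-second `Timeout` gone, it is also worth confirming that the sleep added by `delayTransport` does not count against whichever httpclient timeout bounds the whole request, and whether the delay is meant to apply to every automatic retry. main's body continues outside the hunk.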