better handling of default transport modification

tuunit 2024-10-06 21:43:38 +02:00
parent 8fd7312a90
commit bae168f06a
No known key found for this signature in database
GPG Key ID: C2172BFA220A037A
2 changed files with 9 additions and 13 deletions


@ -7,22 +7,22 @@ import (
)
type userAgentTransport struct {
Next http.RoundTripper
next http.RoundTripper
userAgent string
}
func (t *userAgentTransport) RoundTrip(req *http.Request) (*http.Response, error) {
r := req.Clone(req.Context())
setDefaultUserAgent(r.Header, t.userAgent)
return t.Next.RoundTrip(r)
return t.next.RoundTrip(r)
}
var DefaultHTTPClient = &http.Client{Transport: &DefaultTransport}
var DefaultTransport = userAgentTransport{
Next: http.DefaultTransport,
var DefaultHTTPClient = &http.Client{Transport: &userAgentTransport{
next: DefaultTransport,
userAgent: "oauth2-proxy/" + version.VERSION,
}
}}
var DefaultTransport = http.DefaultTransport
func setDefaultUserAgent(header http.Header, userAgent string) {
if header != nil && len(header.Values("User-Agent")) == 0 {


@ -31,20 +31,16 @@ func Validate(o *options.Options) error {
msgs = parseSignatureKey(o, msgs)
if o.SSLInsecureSkipVerify {
transport := requests.DefaultTransport.Next.(*http.Transport).Clone()
transport := requests.DefaultTransport.(*http.Transport)
transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} // #nosec G402 -- InsecureSkipVerify is a configurable option we allow
requests.DefaultHTTPClient = &http.Client{Transport: transport}
} else if len(o.Providers[0].CAFiles) > 0 {
pool, err := util.GetCertPool(o.Providers[0].CAFiles, o.Providers[0].UseSystemTrustStore)
if err == nil {
transport := requests.DefaultTransport.Next.(*http.Transport).Clone()
transport := requests.DefaultTransport.(*http.Transport)
transport.TLSClientConfig = &tls.Config{
RootCAs: pool,
MinVersion: tls.VersionTLS12,
}
requests.DefaultHTTPClient = &http.Client{Transport: transport}
} else {
msgs = append(msgs, fmt.Sprintf("unable to load provider CA file(s): %v", err))
}