From 731b7c3001bbbcda7f09ac05c5d3e74fd1a2294b Mon Sep 17 00:00:00 2001 From: kolaente Date: Sat, 24 Jan 2026 13:58:47 +0100 Subject: [PATCH] fix: avoid mutating global http.DefaultClient in webhook proxy (#2145) Fixes a bug where the webhook HTTP client was mutating `http.DefaultClient` (the global singleton), causing ALL HTTP requests in the application to use the webhook proxy. This broke OIDC authentication and other external HTTP calls when webhook proxy was configured. Fixes #2144 --- pkg/models/webhooks.go | 2 +- pkg/modules/avatar/gravatar/gravatar.go | 2 +- pkg/modules/background/unsplash/proxy.go | 2 +- pkg/modules/background/unsplash/unsplash.go | 4 ++-- pkg/modules/migration/microsoft-todo/microsoft_todo.go | 2 +- pkg/utils/avatar.go | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/pkg/models/webhooks.go b/pkg/models/webhooks.go index ae4674bf5..de8d4a57f 100644 --- a/pkg/models/webhooks.go +++ b/pkg/models/webhooks.go @@ -245,7 +245,7 @@ func getWebhookHTTPClient() (client *http.Client) { return webhookClient } - client = http.DefaultClient + client = &http.Client{} client.Timeout = time.Duration(config.WebhooksTimeoutSeconds.GetInt()) * time.Second if config.WebhooksProxyURL.GetString() == "" || config.WebhooksProxyPassword.GetString() == "" { diff --git a/pkg/modules/avatar/gravatar/gravatar.go b/pkg/modules/avatar/gravatar/gravatar.go index 6912677d3..8f8d9871f 100644 --- a/pkg/modules/avatar/gravatar/gravatar.go +++ b/pkg/modules/avatar/gravatar/gravatar.go @@ -90,7 +90,7 @@ func (g *Provider) GetAvatar(user *user.User, size int64) ([]byte, string, error if err != nil { return nil, err } - resp, err := http.DefaultClient.Do(req) + resp, err := (&http.Client{}).Do(req) if err != nil { return nil, err } diff --git a/pkg/modules/background/unsplash/proxy.go b/pkg/modules/background/unsplash/proxy.go index c6d01d0bd..d5f099c51 100644 --- a/pkg/modules/background/unsplash/proxy.go +++ b/pkg/modules/background/unsplash/proxy.go @@ -30,7 +30,7 @@ func unsplashImage(url string, c echo.Context) error { if err != nil { return err } - resp, err := http.DefaultClient.Do(req) + resp, err := (&http.Client{}).Do(req) if err != nil { return err } diff --git a/pkg/modules/background/unsplash/unsplash.go b/pkg/modules/background/unsplash/unsplash.go index ef151db9b..7833d7441 100644 --- a/pkg/modules/background/unsplash/unsplash.go +++ b/pkg/modules/background/unsplash/unsplash.go @@ -257,7 +257,7 @@ func (p *Provider) Set(s *xorm.Session, image *background.Image, project *models if err != nil { return } - resp, err := http.DefaultClient.Do(req) + resp, err := (&http.Client{}).Do(req) if err != nil { return err } @@ -340,7 +340,7 @@ func pingbackByPhotoID(photoID string) { if err != nil { log.Errorf("Unsplash Pingback Failed: %s", err.Error()) } - _, err = http.DefaultClient.Do(req) + _, err = (&http.Client{}).Do(req) if err != nil { log.Errorf("Unsplash Pingback Failed: %s", err.Error()) } diff --git a/pkg/modules/migration/microsoft-todo/microsoft_todo.go b/pkg/modules/migration/microsoft-todo/microsoft_todo.go index f695c0162..7108bb020 100644 --- a/pkg/modules/migration/microsoft-todo/microsoft_todo.go +++ b/pkg/modules/migration/microsoft-todo/microsoft_todo.go @@ -187,7 +187,7 @@ func makeAuthenticatedGetRequest(token, urlPart string, v interface{}) error { } req.Header.Set("Authorization", "Bearer "+token) - resp, err := http.DefaultClient.Do(req) + resp, err := (&http.Client{}).Do(req) if err != nil { return err } diff --git a/pkg/utils/avatar.go b/pkg/utils/avatar.go index 90f9b9d18..1ccd7b911 100644 --- a/pkg/utils/avatar.go +++ b/pkg/utils/avatar.go @@ -101,7 +101,7 @@ func DownloadImage(url string) ([]byte, error) { return nil, fmt.Errorf("failed to create HTTP request: %w", err) } - resp, err := http.DefaultClient.Do(req) + resp, err := (&http.Client{}).Do(req) if err != nil { return nil, fmt.Errorf("failed to download image: %w", err) }