package http
import (
"crypto/tls"
"net"
"net/http"
"time"
)
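// SetupDefaults reconfigures the process-wide net/http defaults
// (http.DefaultClient and http.DefaultTransport).
//
// timeout, when positive, becomes http.DefaultClient.Timeout; zero or negative
// values leave the client timeout as it was.
//
// tlsInsecure, when true, disables TLS certificate verification on
// http.DefaultTransport. Because that transport is shared, the setting applies
// to every package in the process that uses http.DefaultClient or
// http.DefaultTransport, not only to the caller: none of those connections
// authenticate the server any more, so anyone on the network path can
// impersonate it. Keep it off outside of development and testing, and give a
// single endpoint with a private CA its own client with that CA in
// tls.Config.RootCAs instead.
//
// After this call http.DefaultClient no longer follows redirects; callers
// receive the 3xx response itself.
//
// The function writes package-level state without any locking and panics if
// tlsInsecure is true and http.DefaultTransport is not an *http.Transport
// (for example after it was replaced by a wrapper).
func SetupDefaults(timeout time.Duration, tlsInsecure bool) {
	if tlsInsecure {
		// Accepts certificates that are expired, issued for another host,
		// self-signed or chained to an untrusted root, so features such as
		// OIDC auto-discovery work against the examples on badssl.com.
		//
		// With SYSTEM_HTTP_CLIENT_TSL_INSECURE=1 the command below reaches the
		// server and returns a 404 error (expected); without it (default, 0)
		// it fails with "x509: certificate has expired or is not yet valid":
		//
		//   > ./system external-auth auto-discovery foo-tls-1 https://expired.badssl.com/
		//
		// NOTE(review): the previous comment attributed the 404 to "=0 (default)",
		// which contradicts the x509 failure it described for the default;
		// presumably "=1" was meant. Confirm against the option's documentation.
		tr := http.DefaultTransport.(*http.Transport)
		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}

		// Override the dial and handshake timeouts only for a positive value.
		// Zero means "no timeout" for both fields, so assigning it would drop
		// the non-zero limits the stock transport ships with, and a negative
		// duration is not a usable timeout. This matches the guard used for
		// the client timeout below.
		//
		// NOTE(review): these two overrides are applied only in insecure mode;
		// confirm whether they were meant to apply whenever timeout > 0.
		if timeout > 0 {
			tr.DialContext = (&net.Dialer{Timeout: timeout}).DialContext
			tr.TLSHandshakeTimeout = timeout
		}
	}

	if timeout > 0 {
		http.DefaultClient.Timeout = timeout
	}

	// Hand the redirect response back to the caller instead of following it.
	http.DefaultClient.CheckRedirect = func(req *http.Request, via []*http.Request) error {
		return http.ErrUseLastResponse
	}
}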