oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-08-06 17:41:00 +00:00
Code Wiki Activity

refactor(fetcher): simplification of ExecuteRequest

Browse source 
Instead of doing some ciphers manipulation before instantiating the http.Transport
and then assigning them, instantiate http.Transport, and then in an if do the
manipulation. This makes the code a bit clearer, which is always nice when it
comes to cryptographic shenanigans.
This commit is contained in:
jvoisin 2025-07-06 23:31:15 +02:00 committed by Frédéric Guillot
parent 61583d53d5
commit 46adb0ffad
1 changed files with 16 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

40
internal/reader/fetcher/request_builder.go
View file

@ -11,6 +11,7 @@ import (
"net"
"net/http"
"net/url"
"slices"
"time"
"miniflux.app/v2/internal/proxyrotator"
@ -124,38 +125,29 @@ func (r *RequestBuilder) IgnoreTLSErrors(value bool) *RequestBuilder {
}
func (r *RequestBuilder) ExecuteRequest(requestURL string) (*http.Response, error) {
// We get the safe ciphers
ciphers := tls.CipherSuites()
if r.ignoreTLSErrors {
// and the insecure ones if we are ignoring TLS errors. This allows to connect to badly configured servers anyway
ciphers = append(ciphers, tls.InsecureCipherSuites()...)
}
cipherSuites := make([]uint16, 0, len(ciphers))
for _, cipher := range ciphers {
cipherSuites = append(cipherSuites, cipher.ID)
}
transport := &http.Transport{
Proxy: http.ProxyFromEnvironment,
// Setting `DialContext` disables HTTP/2, this option forces the transport to try HTTP/2 regardless.
ForceAttemptHTTP2: true,
DialContext: (&net.Dialer{
// Default is 30s.
Timeout: 10 * time.Second,
// Default is 30s.
KeepAlive: 15 * time.Second,
Timeout: 10 * time.Second, // Default is 30s.
KeepAlive: 15 * time.Second, // Default is 30s.
}).DialContext,
MaxIdleConns: 50, // Default is 100.
IdleConnTimeout: 10 * time.Second, // Default is 90s.
}
// Default is 100.
MaxIdleConns: 50,
// Default is 90s.
IdleConnTimeout: 10 * time.Second,
TLSClientConfig: &tls.Config{
if r.ignoreTLSErrors {
// Add insecure ciphers if we are ignoring TLS errors. This allows to connect to badly configured servers anyway
ciphers := slices.Concat(tls.CipherSuites(), tls.InsecureCipherSuites())
cipherSuites := make([]uint16, 0, len(ciphers))
for _, cipher := range ciphers {
cipherSuites = append(cipherSuites, cipher.ID)
}
transport.TLSClientConfig = &tls.Config{
CipherSuites: cipherSuites,
InsecureSkipVerify: r.ignoreTLSErrors,
},
InsecureSkipVerify: true,
}
}
if r.disableHTTP2 {