diff options
| author | Claude <noreply@anthropic.com> | 2026-02-17 06:27:32 +0000 |
|---|---|---|
| committer | Claude <noreply@anthropic.com> | 2026-02-17 06:27:32 +0000 |
| commit | fde324d1a764841debefedf588c4b06a3f73484c (patch) | |
| tree | 51b4452e2835c6d1451060e3987663b368bbd1d2 | |
| parent | c15995fe944a6e8f3e68cf0c44fd454e53f21081 (diff) | |
| download | neko-fde324d1a764841debefedf588c4b06a3f73484c.tar.gz neko-fde324d1a764841debefedf588c4b06a3f73484c.tar.bz2 neko-fde324d1a764841debefedf588c4b06a3f73484c.zip | |
Fix link underlines in v3 UI and SSRF proxy bypass
- Add text-decoration: none to .item-description a links in v3 CSS
to match v1 style (no underlines on feed item content links)
- Fix safehttp to disable proxy on safe client; without this, HTTP
proxy env vars bypass the DialContext SSRF check for IPs like
10.0.0.1, causing TestSafeClient to fail
https://claude.ai/code/session_01DpWhB9uGGMBnzqS28HxnuV
| -rw-r--r-- | frontend-vanilla/src/style.css | 5 | ||||
| -rw-r--r-- | internal/safehttp/safehttp.go | 1 |
2 files changed, 6 insertions, 0 deletions
diff --git a/frontend-vanilla/src/style.css b/frontend-vanilla/src/style.css index a3a7978..5fb436c 100644 --- a/frontend-vanilla/src/style.css +++ b/frontend-vanilla/src/style.css @@ -422,6 +422,11 @@ select:focus { word-break: break-word; } +.item-description a { + text-decoration: none; + color: var(--link-color); +} + .item-description img, .item-description video, .item-description pre { diff --git a/internal/safehttp/safehttp.go b/internal/safehttp/safehttp.go index e0859c4..f2c316b 100644 --- a/internal/safehttp/safehttp.go +++ b/internal/safehttp/safehttp.go @@ -80,6 +80,7 @@ func NewSafeClient(timeout time.Duration) *http.Client { transport := http.DefaultTransport.(*http.Transport).Clone() transport.DialContext = SafeDialer(dialer) + transport.Proxy = nil // Disable proxy to ensure SSRF checks are not bypassed return &http.Client{ Timeout: timeout, |