diff options
| author | Claude <noreply@anthropic.com> | 2026-02-17 06:27:32 +0000 |
|---|---|---|
| committer | Claude <noreply@anthropic.com> | 2026-02-17 06:27:32 +0000 |
| commit | fde324d1a764841debefedf588c4b06a3f73484c (patch) | |
| tree | 51b4452e2835c6d1451060e3987663b368bbd1d2 /internal/safehttp/safehttp.go | |
| parent | c15995fe944a6e8f3e68cf0c44fd454e53f21081 (diff) | |
| download | neko-fde324d1a764841debefedf588c4b06a3f73484c.tar.gz neko-fde324d1a764841debefedf588c4b06a3f73484c.tar.bz2 neko-fde324d1a764841debefedf588c4b06a3f73484c.zip | |
Fix link underlines in v3 UI and SSRF proxy bypass
- Add text-decoration: none to .item-description a links in v3 CSS
to match v1 style (no underlines on feed item content links)
- Fix safehttp to disable proxy on safe client; without this, HTTP
proxy env vars bypass the DialContext SSRF check for IPs like
10.0.0.1, causing TestSafeClient to fail
https://claude.ai/code/session_01DpWhB9uGGMBnzqS28HxnuV
Diffstat (limited to 'internal/safehttp/safehttp.go')
| -rw-r--r-- | internal/safehttp/safehttp.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/internal/safehttp/safehttp.go b/internal/safehttp/safehttp.go index e0859c4..f2c316b 100644 --- a/internal/safehttp/safehttp.go +++ b/internal/safehttp/safehttp.go @@ -80,6 +80,7 @@ func NewSafeClient(timeout time.Duration) *http.Client { transport := http.DefaultTransport.(*http.Transport).Clone() transport.DialContext = SafeDialer(dialer) + transport.Proxy = nil // Disable proxy to ensure SSRF checks are not bypassed return &http.Client{ Timeout: timeout, |