From fde324d1a764841debefedf588c4b06a3f73484c Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 17 Feb 2026 06:27:32 +0000
Subject: Fix link underlines in v3 UI and SSRF proxy bypass

- Add text-decoration: none to .item-description a links in v3 CSS
  to match v1 style (no underlines on feed item content links)
- Fix safehttp to disable proxy on safe client; without this, HTTP
  proxy env vars bypass the DialContext SSRF check for IPs like
  10.0.0.1, causing TestSafeClient to fail

https://claude.ai/code/session_01DpWhB9uGGMBnzqS28HxnuV
---
 internal/safehttp/safehttp.go | 1 +
 1 file changed, 1 insertion(+)

(limited to 'internal/safehttp/safehttp.go')

diff --git a/internal/safehttp/safehttp.go b/internal/safehttp/safehttp.go
index e0859c4..f2c316b 100644
--- a/internal/safehttp/safehttp.go
+++ b/internal/safehttp/safehttp.go
@@ -80,6 +80,7 @@ func NewSafeClient(timeout time.Duration) *http.Client {
 
 	transport := http.DefaultTransport.(*http.Transport).Clone()
 	transport.DialContext = SafeDialer(dialer)
+	transport.Proxy = nil // Disable proxy to ensure SSRF checks are not bypassed
 
 	return &http.Client{
 		Timeout:   timeout,
-- 
cgit v1.2.3