浏览代码

refactor(fetcher): simplification of ExecuteRequest

Instead of doing some ciphers manipulation before instantiating the http.Transport
and then assigning them, instantiate http.Transport, and then in an if do the
manipulation. This makes the code a bit clearer, which is always nice when it
comes to cryptographic shenanigans.
jvoisin 1 年之前
父节点
当前提交
46adb0ffad
共有 1 个文件被更改,包括 16 次插入24 次删除
  1. 16 24
      internal/reader/fetcher/request_builder.go

+ 16 - 24
internal/reader/fetcher/request_builder.go

@@ -11,6 +11,7 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"slices"
 	"time"
 
 	"miniflux.app/v2/internal/proxyrotator"
@@ -124,38 +125,29 @@ func (r *RequestBuilder) IgnoreTLSErrors(value bool) *RequestBuilder {
 }
 
 func (r *RequestBuilder) ExecuteRequest(requestURL string) (*http.Response, error) {
-	// We get the safe ciphers
-	ciphers := tls.CipherSuites()
-	if r.ignoreTLSErrors {
-		// and the insecure ones if we are ignoring TLS errors. This allows to connect to badly configured servers anyway
-		ciphers = append(ciphers, tls.InsecureCipherSuites()...)
-	}
-	cipherSuites := make([]uint16, 0, len(ciphers))
-	for _, cipher := range ciphers {
-		cipherSuites = append(cipherSuites, cipher.ID)
-	}
 	transport := &http.Transport{
 		Proxy: http.ProxyFromEnvironment,
 		// Setting `DialContext` disables HTTP/2, this option forces the transport to try HTTP/2 regardless.
 		ForceAttemptHTTP2: true,
 		DialContext: (&net.Dialer{
-			// Default is 30s.
-			Timeout: 10 * time.Second,
-
-			// Default is 30s.
-			KeepAlive: 15 * time.Second,
+			Timeout:   10 * time.Second, // Default is 30s.
+			KeepAlive: 15 * time.Second, // Default is 30s.
 		}).DialContext,
+		MaxIdleConns:    50,               // Default is 100.
+		IdleConnTimeout: 10 * time.Second, // Default is 90s.
+	}
 
-		// Default is 100.
-		MaxIdleConns: 50,
-
-		// Default is 90s.
-		IdleConnTimeout: 10 * time.Second,
-
-		TLSClientConfig: &tls.Config{
+	if r.ignoreTLSErrors {
+		//  Add insecure ciphers if we are ignoring TLS errors. This allows to connect to badly configured servers anyway
+		ciphers := slices.Concat(tls.CipherSuites(), tls.InsecureCipherSuites())
+		cipherSuites := make([]uint16, 0, len(ciphers))
+		for _, cipher := range ciphers {
+			cipherSuites = append(cipherSuites, cipher.ID)
+		}
+		transport.TLSClientConfig = &tls.Config{
 			CipherSuites:       cipherSuites,
-			InsecureSkipVerify: r.ignoreTLSErrors,
-		},
+			InsecureSkipVerify: true,
+		}
 	}
 
 	if r.disableHTTP2 {