fix: prevent SSRF via OpenID Connect avatar download (GHSA-g9xj-752q-xh63)

This commit is contained in:
kolaente 2026-03-23 16:10:38 +01:00 committed by kolaente
parent 0266fffad2
commit 363aa66423
1 changed files with 1 additions and 1 deletions


@ -101,7 +101,7 @@ func DownloadImage(url string) ([]byte, error) {
return nil, fmt.Errorf("failed to create HTTP request: %w", err)
}
resp, err := (&http.Client{}).Do(req) // #nosec G704 -- URL comes from OIDC provider picture claim
resp, err := NewSSRFSafeHTTPClient().Do(req)
if err != nil {
return nil, fmt.Errorf("failed to download image: %w", err)
}
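Review bot: The new line `resp, err := NewSSRFSafeHTTPClient().Do(req)` only shows that the client is swapped; the hunk does not show whether the safe client also re-validates the destination on each redirect hop (a picture URL from the provider may 3xx to an address that the first check would have rejected) or whether it carries a request timeout, so both should be confirmed in `NewSSRFSafeHTTPClient` before treating the advisory as closed. A short comment at the call site would preserve the intent that the dropped `#nosec` annotation used to carry, e.g. `// The picture URL is supplied by the OIDC provider and is untrusted; the SSRF-safe client must validate every dial, including redirect targets.`. DownloadImage begins before and continues after this hunk, so whether the response body is bounded in size and closed is not visible here.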