Commit 18fc175
When --insecure-skip-tls-verify was set, the code globally replaced
http.DefaultTransport, affecting all concurrent and future HTTP calls
in the process. Create a scoped *http.Client instead and pass it via
context to the OIDC/login flow only.
The runLogin function doesn't make any direct HTTP calls itself (it
only starts a local callback server and waits for the OIDC redirect),
so the DefaultTransport mutation was both harmful and unnecessary.
The get_token.go refreshToken function already correctly uses a scoped
http.Client passed via oidc.ClientContext.
Co-authored-by: OpenClaw Bot <bot@openclaw.ai>
Co-authored-by: Mangirdas Judeikis <mangirdas@judeikis.lt>
1 parent 0498774 commit 18fc175
1 file changed
Lines changed: 0 additions & 11 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
142 | 142 | | |
143 | 143 | | |
144 | 144 | | |
145 | | - | |
146 | | - | |
147 | | - | |
148 | | - | |
149 | | - | |
150 | | - | |
151 | | - | |
152 | | - | |
153 | | - | |
154 | | - | |
155 | | - | |
156 | 145 | | |
157 | 146 | | |
158 | 147 | | |
| |||
0 commit comments