sneak/pixa
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Bug: SourceURL() hardcodes https:// breaking AllowHTTP mode #1

New Issue
Closed
opened 2026-02-09 00:56:06 +01:00 by clawbot · 0 comments
clawbot commented 2026-02-09 00:56:06 +01:00
Collaborator
Copy Link

Bug

ImageRequest.SourceURL() in internal/imgcache/imgcache.go always prepends https://:

func (r *ImageRequest) SourceURL() string {
    url := "https://" + r.SourceHost + r.SourcePath

When AllowHTTP is configured (for testing), the fetcher validates the URL scheme and the HTTP fetcher creates the request, but the source URL is always https://. This means in testing mode with HTTP-only test servers, fetches will either fail with TLS errors or connect to the wrong port.

The AllowHTTP config is set but SourceURL() has no awareness of it, making the entire AllowHTTP feature broken for any real HTTP upstream.

Impact

Blocks testing with local HTTP servers. The AllowHTTP config option is effectively non-functional for the image proxy pipeline.

Fix

Pass the scheme through ImageRequest or add a method parameter. The cleanest approach is to add a Scheme field to ImageRequest that defaults to https but can be set to http when AllowHTTP is true.

## Bug `ImageRequest.SourceURL()` in `internal/imgcache/imgcache.go` always prepends `https://`: ```go func (r *ImageRequest) SourceURL() string { url := "https://" + r.SourceHost + r.SourcePath ``` When `AllowHTTP` is configured (for testing), the fetcher validates the URL scheme and the HTTP fetcher creates the request, but the source URL is always `https://`. This means in testing mode with HTTP-only test servers, fetches will either fail with TLS errors or connect to the wrong port. The `AllowHTTP` config is set but `SourceURL()` has no awareness of it, making the entire `AllowHTTP` feature broken for any real HTTP upstream. ## Impact Blocks testing with local HTTP servers. The `AllowHTTP` config option is effectively non-functional for the image proxy pipeline. ## Fix Pass the scheme through `ImageRequest` or add a method parameter. The cleanest approach is to add a `Scheme` field to `ImageRequest` that defaults to `https` but can be set to `http` when `AllowHTTP` is true.
clawbot self-assigned this 2026-02-09 00:56:06 +01:00
sneak closed this issue 2026-02-09 01:41:32 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bot

Agent's turn to work

  
merge-ready

   
needs-checks

   
needs-rebase

   
needs-review

   
needs-rework
No Label
bot
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
clawbot
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: sneak/pixa#1
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?