91f31ff2d7
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 24s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 34s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m43s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m49s
MINOR #1: Move AllowInsecureHTTPForTest to export_test.go so it is only available in test binaries and does not pollute the production API surface.

MINOR #2: Replace url.Parse with a strings.EqualFold prefix check in doRequest's HTTPS enforcement, avoiding a per-request allocation.

NIT #3: Push back — slog.Warn on ignored AllowInsecureHTTP is a deliberate design choice that helps operators debug 'refusing to send credentials' errors when the env gate is not set.
15 lines
505 B
Go
package github

// AllowInsecureHTTPForTest permits the client to send credentials over HTTP
// without requiring the REVIEW_BOT_ALLOW_INSECURE environment variable.
// This is intended exclusively for tests using httptest.Server.
//
// This function lives in export_test.go so it is only available to test
// binaries and does not appear in the production API surface.
func AllowInsecureHTTPForTest() ClientOption {
	return func(c *clientConfig) {
		c.allowInsecureHTTP = true
		c.testBypass = true
	}
}
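
An added example, not code from this repository: one way the HTTPS enforcement described in the commit message could consume the two fields set above, using a `strings.EqualFold` prefix check instead of `url.Parse`. The names `config`, `hasHTTPSScheme`, `checkTransport` and `errInsecure`, the exact error text, and the rule that any non-empty `REVIEW_BOT_ALLOW_INSECURE` value opens the gate are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"log/slog"
	"strings"
)

// config mirrors the two fields set in export_test.go; the checks built
// around them here are assumptions of this example, not the project's code.
type config struct {
	allowInsecureHTTP bool // caller asked for plain HTTP
	testBypass        bool // set only by the test-only option
}

var errInsecure = errors.New("refusing to send credentials over non-HTTPS URL")

// hasHTTPSScheme compares the scheme prefix case-insensitively instead of
// calling url.Parse, so nothing is allocated per request.
func hasHTTPSScheme(rawURL string) bool {
	const p = "https://"
	return len(rawURL) >= len(p) && strings.EqualFold(rawURL[:len(p)], p)
}

// checkTransport decides whether credentials may be attached to a request.
// envGate is the value of REVIEW_BOT_ALLOW_INSECURE (assumed: non-empty means
// set), passed in so the check is testable without touching the environment.
func checkTransport(c config, rawURL, envGate string) error {
	if hasHTTPSScheme(rawURL) {
		return nil
	}
	if c.allowInsecureHTTP && (c.testBypass || envGate != "") {
		return nil
	}
	if c.allowInsecureHTTP {
		// Option requested but the env gate is unset: tell the operator why.
		slog.Warn("AllowInsecureHTTP ignored: REVIEW_BOT_ALLOW_INSECURE not set")
	}
	return errInsecure
}

func main() {
	fmt.Println(checkTransport(config{}, "http://127.0.0.1:8080/api", ""))
}
```

The check fails closed: anything that does not literally begin with `https://`, including a URL with leading whitespace, is refused unless both the option and a gate are present.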