From 9278656124e7cc35d35c35bf6234f7ad8d751ffc Mon Sep 17 00:00:00 2001 From: Steve Hellwege Date: Wed, 8 Feb 2023 10:00:10 -0800 Subject: [PATCH] Allow http.Client used in discovery to be modified (typically for security reasons) [why] The importing application may have some specific security requrirements that necessitate a change to the http.Client or http.Transport used when fetching the xml from the UPnp server. For example, the importing application may want to restrict localhost calls which could be made by an attack server on the local network. [how] Create a global HTTPClient which defaults to http.DefaultClient. This allows the importing application to modify this global if it wishes to make changes to the http.Client/http.Transport used when fetching the xml from the UPnP server. --- goupnp.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/goupnp.go b/goupnp.go index 1670355..93c588b 100644 --- a/goupnp.go +++ b/goupnp.go @@ -148,6 +148,10 @@ func DeviceByURL(loc *url.URL) (*RootDevice, error) { // but should not be changed after requesting clients. var CharsetReaderDefault func(charset string, input io.Reader) (io.Reader, error) +// HTTPClient specifies the http.Client object used when fetching the XML from the UPnP server. +// HTTPClient defaults the http.DefaultClient. This may be overridden by the importing application. +var HTTPClientDefault = http.DefaultClient + func requestXml(ctx context.Context, url string, defaultSpace string, doc interface{}) error { ctx, cancel := context.WithTimeout(ctx, 3*time.Second) defer cancel() @@ -157,7 +161,7 @@ func requestXml(ctx context.Context, url string, defaultSpace string, doc interf return err } - resp, err := http.DefaultClient.Do(req) + resp, err := HTTPClientDefault.Do(req) if err != nil { return err }