fix: disable hickory-dns in auth HTTP client#2828
Draft
yeswecan wants to merge 6 commits into
Draft
Conversation
The auth HTTP client uses a bare reqwest builder that defaults to hickory-dns (enabled via cargo feature), which attempts direct DNS resolution even when HTTP_PROXY/HTTPS_PROXY are set. This breaks OAuth token exchange in proxy environments where DNS only resolves through the proxy. The main HTTP client already sets .hickory_dns(false) — this aligns the auth client to match.
github-actions
Bot
added
the
type: fix
|
|
Author
|
@CLAassistant added the backup email that I used for the commit to my GitHub account. CLA website still shows me no way to accept the terms or w.e. |
|
Action required: PR inactive for 5 days. |
github-actions
Bot
added
the
state: inactive
github-actions
Bot
removed
the
state: inactive
|
Action required: PR inactive for 5 days. |
github-actions
Bot
added
the
state: inactive
github-actions
Bot
removed
the
state: inactive
|
Action required: PR inactive for 5 days. |
github-actions
Bot
added
the
state: inactive
| .redirect(reqwest::redirect::Policy::none()) | ||
| // Use system DNS resolver instead of hickory-dns to work correctly | ||
| // behind proxies (where direct DNS resolution may not be available) | ||
| .hickory_dns(false); |
Contributor
There was a problem hiding this comment.
can you use config to set it. Instead of hardcodeing
amitksingh1490
removed
the
state: inactive
Contributor
|
Please move it ready to review once above comment is resolved |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The auth HTTP client in
build_http_client()(crates/forge_infra/src/auth/util.rs) doesn't call.hickory_dns(false). Since the workspace enables thehickory-dnscargo feature, this client attempts direct DNS resolution even whenHTTP_PROXY/HTTPS_PROXYare set, breaking OAuth in proxy environments.The main HTTP client in
crates/forge_infra/src/http.rsalready sets.hickory_dns(false)— this one-line fix aligns the auth client to match.Fixes
Authentication completion failed: Failed to exchange authorization code: error sending request for url (https://console.anthropic.com/v1/oauth/token)when behind a proxy.