Skip to content

httpclient

A hardened, framework-free *http.Client factory — secure TLS defaults, a downgrade-proof redirect policy, and the go/transit retry / circuit-breaker / auth middleware, wired onto the standard library.

go get gitlab.com/phpboyscout/go/httpclient

gitlab.com/phpboyscout/go/httpclient gives a service or library a secure-by-default outbound HTTP client without a framework in tow. NewClient(...) returns a stock *http.Client hardened with a TLS 1.2 floor, curated cipher suites, connection limits, timeouts, and a redirect policy that refuses HTTPS→HTTP downgrades — then layers on the go/transit client middleware through options. It is the client half of the transport stack extracted from go-tool-base.

Why

  • Framework-free. It depends only on go/tls, go/transit and cockroachdb/errors. A depfootprint_test.go guard forbids go-tool-base, the server stack (controls/authn/gateway), the gRPC SDK, and the cloud/CLI/TUI stacks — so a client-only consumer never inherits any of them.
  • Secure by default. Hardened TLS and a CheckRedirect that caps redirects and blocks downgrade attacks ship out of the box; you opt out, not in. See hardened defaults.
  • The middleware is transit's. Retry, circuit breaking, host-pinned credentials and request logging are the go/transit client round-trippers; this module wires them into the client.

Where next


Part of the phpboyscout Go toolkit — small, framework-free Go modules extracted from go-tool-base.