From 5c8886236a0f6fc2c7674f7132ec09a13b65564a Mon Sep 17 00:00:00 2001
From: jwijenbergh
Date: Mon, 28 Nov 2022 14:47:41 +0100
Subject: OAuth: Define ReadHeaderTimeout
---
 internal/oauth/oauth.go | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'internal/oauth')
diff --git a/internal/oauth/oauth.go b/internal/oauth/oauth.go
index f88e7e9..6fd2c1f 100644
--- a/internal/oauth/oauth.go
+++ b/internal/oauth/oauth.go
@@ -187,6 +187,9 @@ func (oauth *OAuth) tokensWithCallback() error {
 // server /callback over the listener address
 oauth.session.Server = &http.Server{
 Handler: mux,
+ // Define a default 60 second header read timeout to protect against a Slowloris Attack
+ // A bit overkill maybe for a local server but good to define anyways
+ ReadHeaderTimeout: 60 * time.Second,
 }
 
 mux.HandleFunc("/callback", oauth.Callback)
--
cgit v1.2.3
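Review bot: Only the header phase is bounded by the new `ReadHeaderTimeout` in the `http.Server` literal; a client that completes its headers and then stalls on the body, or reads the response slowly, is still unlimited because `ReadTimeout`, `WriteTimeout` and `IdleTimeout` remain zero. For a one-shot OAuth callback server 60 seconds is also generous for header reads; consider `ReadHeaderTimeout: 10 * time.Second,` together with `ReadTimeout: 30 * time.Second,` and `WriteTimeout: 30 * time.Second,` (the values are suggestions, not taken from the project). The listener address and the shutdown of the server after the callback sit outside this hunk, as does the rest of tokensWithCallback, so whether the server is reachable only from loopback should be confirmed there before treating the remaining exposure as negligible.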