Module http 

HTTP client factories and URL validation primitives.

Two factories return preconfigured reqwest::ClientBuilders:

• safe_client_builder — for clients that send to user-controllable URLs. Caller is expected to validate URLs via SafeUrl::parse first.
• vendor_client_builder — for clients that send to operator-trusted vendor APIs (Twitter, OpenAI, etc.). No URL validation is implied.

Both builders set redirect(Policy::none()), .no_proxy(), and a connect_timeout(5s). They also install a custom DNS resolver (SafeDnsResolver) that re-applies the IP blocklist at connect time — closing the DNS-rebinding bypass that the parse-time check alone left open (F-NET-2).

Structs

SafeDnsResolver

Custom DNS resolver that re-validates resolved IPs against the IpPolicy at connect time.

SafeUrl

A URL that has passed scheme + IP-blocklist validation.

Enums

IpPolicy

Whether to permit requests to non-routable / private IPs.

Constants

DEFAULT_VENDOR_BODY_CAP

Default cap for vendor response bodies (5 MiB).

Functions

read_body_capped

Read up to max_bytes from response and return the bytes plus a flag indicating whether truncation happened.

read_text_capped

Read response body as text, capped at max_bytes. Lossy UTF-8 on non-UTF-8 input.

safe_client_builder

reqwest::ClientBuilder with redirect(Policy::none()), .no_proxy(), connect_timeout(5s), and a SafeDnsResolver baked in.

validate_url_sync

Synchronous best-effort URL validation: scheme + literal-IP only.

vendor_client_builder

reqwest::ClientBuilder with redirect(Policy::none()), .no_proxy(), and connect_timeout(5s) baked in.