Fix missing body.Close() in bearer auth (#1482)

spikecurtis · web-flow · commit 1711cefd7eec · 2022-10-30T16:37:17.000-04:00
Signed-off-by: Spike Curtis &lt;spike@coder.com&gt;

Signed-off-by: Spike Curtis &lt;spike@coder.com&gt;
diff --git a/pkg/v1/remote/transport/bearer.go b/pkg/v1/remote/transport/bearer.go
@@ -87,6 +87,9 @@ func (bt *bearerTransport) RoundTrip(in *http.Request) (*http.Response, error) {
 
 	// If we hit a WWW-Authenticate challenge, it might be due to expired tokens or insufficient scope.
 	if challenges := authchallenge.ResponseChallenges(res); len(challenges) != 0 {
+		// close out old response, since we will not return it.
+		res.Body.Close()
+
 		newScopes := []string{}
 		for _, wac := range challenges {
 			// TODO(jonjohnsonjr): Should we also update "realm" or "service"?
