From 1711cefd7eec057d3892d0bbce1bcd3f8c46d606 Mon Sep 17 00:00:00 2001
From: Spike Curtis <spike@spikecurtis.com>
Date: Sun, 30 Oct 2022 13:37:17 -0700
Subject: [PATCH] Fix missing body.Close() in bearer auth (#1482)

Signed-off-by: Spike Curtis <spike@coder.com>

Signed-off-by: Spike Curtis <spike@coder.com>
---
 pkg/v1/remote/transport/bearer.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/v1/remote/transport/bearer.go b/pkg/v1/remote/transport/bearer.go
index 0e8f78352..2131ee487 100644
--- a/pkg/v1/remote/transport/bearer.go
+++ b/pkg/v1/remote/transport/bearer.go
@@ -87,6 +87,9 @@ func (bt *bearerTransport) RoundTrip(in *http.Request) (*http.Response, error) {
 
 	// If we hit a WWW-Authenticate challenge, it might be due to expired tokens or insufficient scope.
 	if challenges := authchallenge.ResponseChallenges(res); len(challenges) != 0 {
+		// close out old response, since we will not return it.
+		res.Body.Close()
+
 		newScopes := []string{}
 		for _, wac := range challenges {
 			// TODO(jonjohnsonjr): Should we also update "realm" or "service"?