fix: prevent nil panic for unsafe HEAD requests #2455

Merged
Mzack9999 merged 2 commits into projectdiscovery:dev from tal7aouy:fix/unsafe-head-nil-pointer
Mar 20, 2026

@tal7aouy tal7aouy commented Mar 19, 2026

Description:

  • Problem: When running httpx with --unsafe and sending a HEAD request, Do() could panic due to dereferencing err when it was nil (err.Error() was called even on success).
  • Fix: Guard the err.Error() call by requiring err != nil before accessing it.

Fixes #2458

Summary by CodeRabbit

  • Bug Fixes
    • Refined HTTP error-ignoring behavior to more precisely handle certain unsafe HEAD responses, reducing false positives when suppressing errors.
    • Retains existing exclusion for I/O timeout messages to avoid masking genuine network timeouts, improving request stability and reliability.

@auto-assign auto-assign bot requested a review from Mzack9999 March 19, 2026 00:13

neo-by-projectdiscovery-dev bot commented Mar 19, 2026

Neo - PR Security Review

No security issues found

Highlights

  • Incremental update to nil pointer panic fix for unsafe HEAD requests
  • Proper nil check remains in place before err.Error() call on line 227

coderabbitai bot commented Mar 19, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 8ae53cb and 6425eb5.

📒 Files selected for processing (1)
  • common/httpx/httpx.go
🚧 Files skipped from review as they are similar to previous changes (1)
  • common/httpx/httpx.go

Walkthrough

Refactors error-handling in the unsafe HEAD request path by replacing a switch guard with an explicit err != nil check while still excluding errors containing "i/o timeout". Flags shouldIgnoreErrors and shouldIgnoreBodyErrors are set only when the non-nil, non-timeout condition matches.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Error Handling Safety: common/httpx/httpx.go | Replaced switch-based guard with an explicit if err != nil check for the Unsafe + HEAD path; retains exclusion of "i/o timeout" messages and sets shouldIgnoreErrors / shouldIgnoreBodyErrors only when the error is non-nil and not a timeout. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

A rabbit hops where errors hide,
Checks for nil with careful stride,
Timeouts shrugged and flags set right,
Safe requests now sleep at night. 🐇✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit's high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix: prevent nil panic for unsafe HEAD requests' directly and accurately summarizes the main change: adding a guard to prevent calling err.Error() when err is nil in unsafe HEAD requests. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

@Mzack9999 Mzack9999 merged commit 9836829 into projectdiscovery:dev Mar 20, 2026
14 checks passed
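
The failure mode and the guard discussed in this pull request, as an added sketch that is not the project's code from common/httpx/httpx.go. The `Options` type and the function names are hypothetical; the flag names and the "i/o timeout" exclusion come from the review summary above, and the sample errors are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Options is a hypothetical stand-in for the client options; only Unsafe matters here.
type Options struct{ Unsafe bool }

// ignoreFlagsBuggy shows the failure mode from the PR description: the guard
// reads err.Error() without checking err, so a successful request (err == nil)
// panics with a nil pointer dereference.
func ignoreFlagsBuggy(o Options, method string, err error) (shouldIgnoreErrors, shouldIgnoreBodyErrors bool) {
	switch {
	case o.Unsafe && method == "HEAD" && !strings.Contains(err.Error(), "i/o timeout"):
		shouldIgnoreErrors, shouldIgnoreBodyErrors = true, true
	}
	return
}

// ignoreFlagsFixed requires err != nil before reading the message; timeouts
// stay excluded so genuine network failures are not suppressed.
func ignoreFlagsFixed(o Options, method string, err error) (shouldIgnoreErrors, shouldIgnoreBodyErrors bool) {
	if o.Unsafe && method == "HEAD" && err != nil &&
		!strings.Contains(err.Error(), "i/o timeout") {
		shouldIgnoreErrors, shouldIgnoreBodyErrors = true, true
	}
	return
}

// panics reports whether calling f panics.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return
}

func main() {
	o := Options{Unsafe: true}
	// Constructed sample errors, not output captured from httpx.
	for _, err := range []error{nil, errors.New("read tcp: i/o timeout"), errors.New("malformed HTTP response")} {
		ie, ib := ignoreFlagsFixed(o, "HEAD", err)
		fmt.Printf("err=%v shouldIgnoreErrors=%v shouldIgnoreBodyErrors=%v\n", err, ie, ib)
	}
	fmt.Println("buggy guard panics on nil err:", panics(func() { ignoreFlagsBuggy(o, "HEAD", nil) }))
}
```

A regression test for this class of bug should include the success case (nil error) on the unsafe HEAD path, since that is the input the original guard never survived.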

Development

Successfully merging this pull request may close these issues.

nil panic in Do() when using --unsafe with HEAD requests