From f77c4133864b6c83597549a0ba957146d50b346d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Mur=C3=A9?= <michael.mure@consensys.net>
Date: Mon, 21 Jul 2025 18:38:13 +0200
Subject: [PATCH] plc: better HTTP handling

---
 verifiers/did-plc/plc.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/verifiers/did-plc/plc.go b/verifiers/did-plc/plc.go
index d8c6d31..6b0fae5 100644
--- a/verifiers/did-plc/plc.go
+++ b/verifiers/did-plc/plc.go
@@ -78,11 +78,18 @@ func (d DidPlc) Document(opts ...did.ResolutionOption) (did.Document, error) {
 	if err != nil {
 		return nil, err
 	}
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("User-Agent", "go-did-it")
 
 	res, err := params.HttpClient().Do(req)
 	if err != nil {
 		return nil, fmt.Errorf("%w: %w", did.ErrResolutionFailure, err)
 	}
+	defer res.Body.Close()
+
+	if res.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("%w: HTTP %d", did.ErrResolutionFailure, res.StatusCode)
+	}
 
 	var aux struct {
 		Did                 string            `json:"did"`
@@ -95,8 +102,9 @@ func (d DidPlc) Document(opts ...did.ResolutionOption) (did.Document, error) {
 		} `json:"services"`
 	}
 
-	// limit at 1MB
-	err = json.NewDecoder(io.LimitReader(res.Body, 1<<20)).Decode(&aux)
+	// limit at 1MB to avoid abuse
+	limiter := io.LimitReader(res.Body, 1<<20)
+	err = json.NewDecoder(limiter).Decode(&aux)
 	if err != nil {
 		return nil, fmt.Errorf("%w: %w", did.ErrResolutionFailure, err)
 	}