Fix 403 forbidden error when following redirect

[fezster]

Description

Fix 403 forbidden error when following redirect.

Remove Host header which is rejected when redirect followed. Instead, let http4s set the Host header

Checklist

• Documentation Updated
• sbt scalafmtAll Run (and optionally sbt scalafmtSbt)
• At least one approval from a codeowner

Summary by CodeRabbit

Release Notes

• Chores
  • Enhanced Docker build process with multi-stage architecture and improved dependency caching for faster deployments.
  • Refined HTTP request header management to optimize communication handling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request optimizes the Docker build process with a multi-stage build pattern that improves caching efficiency and updates the runtime base image from OpenJDK to Eclipse Temurin, while also removing the Host header from HTTP client requests.

Changes

Cohort / File(s)	Summary
Docker Build Optimization docker/Dockerfile	Introduces multi-stage build with dedicated build and runtime stages; caches project/build.sbt before full source copy; updates base image to eclipse-temurin:11-jre-jammy; adds entrypoint.sh support with normalized line endings and explicit permissions
HTTP Client Header Modification src/main/scala/http/HttpClient.scala	Removes Host header from HTTP request headers; User-Agent header retained

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A Docker build now leaps with grace,
With stages split in perfect place,
Dependencies cached for speedy hops,
While Host headers vanish—no more stops! 📦
Temurin's runtime, lean and bright,
Makes deployments fluffy and light! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main fix: removing the Host header to resolve a 403 error when following redirects, which aligns with the primary code change.
Description check	✅ Passed	The description covers the required template structure with a meaningful explanation of changes and a complete checklist, though all checklist items are unchecked.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/main/scala/http/HttpClient.scala`:
- Around line 23-26: The current FollowRedirect usage sets sensitiveHeaderFilter
= _ => true which forwards all sensitive headers to every redirect; update the
filter used in FollowRedirect (the call that constructs
FollowRedirect[IO](maxRedirects = 10, sensitiveHeaderFilter = ...)(c)) to only
allow sensitive headers for same-origin redirects or a trusted-host whitelist:
implement a predicate that compares the original request URI host (and
scheme/port if needed) against the redirect target host and returns true only
when they match (or when the redirect host is in a configured trustedDomains
set), and pass that predicate as sensitiveHeaderFilter so
Authorization/Cookie/X-Api-Key/X-Plex-Token are not sent to cross-origin
redirects.