From 89d4fe91bc46ebe7aa87465992b315936917354b Mon Sep 17 00:00:00 2001
From: Evan <2869018789@qq.com>
Date: Mon, 22 Jun 2026 10:56:15 +0800
Subject: [PATCH] fix: add bounded timeout to Firecrawl credential validation
 (#37638)

---
 api/services/auth/firecrawl/firecrawl.py                  | 6 +++++-
 api/tests/unit_tests/services/auth/test_firecrawl_auth.py | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/api/services/auth/firecrawl/firecrawl.py b/api/services/auth/firecrawl/firecrawl.py
index bfced19128c..387f75dee94 100644
--- a/api/services/auth/firecrawl/firecrawl.py
+++ b/api/services/auth/firecrawl/firecrawl.py
@@ -5,6 +5,10 @@ import httpx
 
 from services.auth.api_key_auth_base import ApiKeyAuthBase, AuthCredentials
 
+# Explicit bounded timeout for credential-validation requests so a slow or
+# hanging Firecrawl endpoint cannot block the worker indefinitely.
+_CREDENTIAL_TIMEOUT = httpx.Timeout(10.0)
+
 
 class FirecrawlAuth(ApiKeyAuthBase):
     def __init__(self, credentials: AuthCredentials):
@@ -42,7 +46,7 @@ class FirecrawlAuth(ApiKeyAuthBase):
         return f"{self.base_url.rstrip('/')}/{path.lstrip('/')}"
 
     def _post_request(self, url, data, headers):
-        return httpx.post(url, headers=headers, json=data)
+        return httpx.post(url, headers=headers, json=data, timeout=_CREDENTIAL_TIMEOUT)
 
     def _handle_error(self, response):
         try:
diff --git a/api/tests/unit_tests/services/auth/test_firecrawl_auth.py b/api/tests/unit_tests/services/auth/test_firecrawl_auth.py
index 1369ff2ba05..8f8435cc59f 100644
--- a/api/tests/unit_tests/services/auth/test_firecrawl_auth.py
+++ b/api/tests/unit_tests/services/auth/test_firecrawl_auth.py
@@ -86,6 +86,7 @@ class TestFirecrawlAuth:
             "https://api.firecrawl.dev/v1/crawl",
             headers={"Content-Type": "application/json", "Authorization": "Bearer test_api_key_123"},
             json=expected_data,
+            timeout=httpx.Timeout(10.0),
         )
 
     @pytest.mark.parametrize(