search

npm / minipass-fetch

An implementation of window.fetch in Node.js using Minipass streams
Other
54 stars 11 forks source link

feat: respect NODE_TLS_REJECT_UNAUTHORIZED #146

Closed pbeast closed 4 months ago

pbeast commented 5 months ago

As described in #61, setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable doesn't change the library's behavior. This is required in different scenarios, such as testing, self-signed certificates, ZScaler, etc.

This PR adds a check for the process's environment variable NODE_TLS_REJECT_UNAUTHORIZED, and if it is set to 0 sets rejectUnauthorized to false.

if (process.env['NODE_TLS_REJECT_UNAUTHORIZED'] == '0') {
  console.warn("-----------------------[ minipass-fetch ]-----------------------------");
  console.warn("- NODE_TLS_REJECT_UNAUTHORIZED is set to 0. This is not recommended. -");
  console.warn("----------------------------------------------------------------------");

  options.agent.options.rejectUnauthorized = false;
}

References

Fixes #61 Closes #61

wraithgar commented 5 months ago

This will need a test to cover the if statement.

wraithgar commented 5 months ago

npm has a strict-ssl flag, does that not work for this use case?

pbeast commented 5 months ago

npm has a strict-ssl flag, does that not work for this use case?

Nope 😔 Unfortunately, this flag doesn't solve the problem.

pbeast commented 5 months ago

I will add the test and fix the logging. Please keep the PR open.

pbeast commented 5 months ago

Hi @wraithgar , I made the requested changes. Can you please check?

reggi commented 4 months ago

hey @pbeast thanks for digging into this but I've added tests here https://github.com/npm/minipass-fetch/pull/149 that show this already works in minipass-fetch, I believe that node-gyp needs to pass the strictSSL option to make-fetch-happen. I'm gonna close this out and the corresponding issue.