tinify / tinify-nodejs

Node.js client for the Tinify API.
https://tinypng.com/developers
MIT License
421 stars 74 forks

Make rejectUnauthorized configurable #18

Closed alexanderbartels closed 6 years ago

alexanderbartels commented 6 years ago

Hey,

I'm trying to use your API Client inside a corporate network. We have to use a proxy. But SSL verification fails. It would be awesome if rejectUnauthorized were configurable.

To verify my solution, I've added the following after line https://github.com/tinify/tinify-nodejs/blob/master/lib/tinify/Client.js#L31

tlsOptions: {
  rejectUnauthorized: false
}

Would you accept a PR for it, or should I go with a fork for myself?

rolftimmermans commented 6 years ago

Thanks for your suggestion. The SSL verification is a safeguard to make sure any API client user is connecting directly to the Tinify API. If your corporate proxy allows HTTP tunnelling with CONNECT then the certificate should still be validated correctly.

A verification failure is an issue that indicates someone is using a man-in-the-middle server, which can potentially be harmful. This is not something we want our API users to work around easily because it can be a symptom of an insecure connection. If you are certain that your corporate proxy is trustworthy you could fork our API client and add the root certificate that is used to sign the certificate provided by the man-in-the-middle proxy to the list of known root certificates (this list is in lib/data/cacert.pem). I hope you understand this would be something that we can't include in the official release of the API client, though.

Hope this clears things up; please feel free to post follow-up questions or contact us via email at support@tinify.com.
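
The alternative described in the reply above (trusting the proxy's root certificate instead of setting rejectUnauthorized to false), as an added example that is not part of the original thread and is not tinify-nodejs code. The function names are hypothetical, and Node's built-in root list stands in for both lib/data/cacert.pem and the corporate proxy root.

```javascript
// Added example, not tinify-nodejs code. Function names are hypothetical.
const tls = require("node:tls");
const { X509Certificate } = require("node:crypto");

const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]+?-----END \1-----/g;

// Split a PEM bundle (such as lib/data/cacert.pem) into single certificates.
// Any other block type, for example a private key, is rejected.
function splitBundle(pemText) {
  const certs = [];
  for (const m of pemText.matchAll(PEM_BLOCK)) {
    if (m[1] !== "CERTIFICATE") throw new Error(`unexpected PEM block: ${m[1]}`);
    certs.push(m[0]);
  }
  return certs;
}

// Build TLS options that trust the bundle plus one extra root CA while
// leaving certificate verification switched on.
function tlsOptionsWithExtraRoot(bundlePem, extraRootPem, now = new Date()) {
  const extra = splitBundle(extraRootPem);
  if (extra.length !== 1) throw new Error("expected exactly one root certificate");
  const root = new X509Certificate(extra[0]);
  if (!root.ca) throw new Error("certificate is not marked as a CA");
  if (root.subject !== root.issuer) throw new Error("not a self-issued root");
  if (now < new Date(root.validFrom) || now > new Date(root.validTo)) {
    throw new Error("root certificate is outside its validity period");
  }
  const seen = new Set();
  const ca = [];
  for (const pem of [...splitBundle(bundlePem), extra[0]]) {
    const fp = new X509Certificate(pem).fingerprint256; // de-duplicate by SHA-256
    if (!seen.has(fp)) {
      seen.add(fp);
      ca.push(pem);
    }
  }
  return { ca, rejectUnauthorized: true };
}

// Constructed sample input: the first built-in Node root that passes the
// checks above stands in for the corporate proxy root (no real proxy CA here).
function sampleRoot(now = new Date()) {
  return tls.rootCertificates.find((pem) => {
    try { tlsOptionsWithExtraRoot("", pem, now); return true; } catch { return false; }
  });
}
```

The returned object can be passed as options to `https.Agent` or `https.request`, both of which accept `ca` and `rejectUnauthorized`.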