Skip to content

Respect NODE_TLS_REJECT_UNAUTHORIZED environment variable#1638

Open
beary wants to merge 1 commit intohttp-party:masterfrom
beary:master
Open

Respect NODE_TLS_REJECT_UNAUTHORIZED environment variable#1638
beary wants to merge 1 commit intohttp-party:masterfrom
beary:master

Conversation

@beary
Copy link

@beary beary commented May 17, 2023
edited
Loading

vercel/next.js#49546 (comment)
vercel/next.js#45743

NODE_TLS_REJECT_UNAUTHORIZED does not work when proxy to https target. Because the rejectUnauthorized parameter was specified.

So I use the NODE_TLS_REJECT_UNAUTHORIZED as the rejectUnauthorized's value when secure wasn't specified.

This is my test code

/* test.js */
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0
const httpProxy = require('./lib/http-proxy')

const proxy = httpProxy.createServer({
  target: '<Some unsafe https url>',
  changeOrigin: true,
  ignorePath: false,
  xfwd: true,
  ws: true,
  followRedirects: false,
})
proxy.on('error', e => {
  console.log('Proxy error:', e)
})
proxy.on('proxyRes', (proxyRes, req, res) => {
  console.log('RAW Response from the target', JSON.stringify(proxyRes.headers, true, 2));
})
proxy.listen(8003)

Before:

$ node test.js
(node:9292) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
Proxy error: Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket._finishInit (node:_tls_wrap:959:8)
    at ssl.onhandshakedone (node:_tls_wrap:743:12) {
  code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
}

After:

$ node test
(node:17712) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
RAW Response from the target {
  "date": "Wed, 17 May 2023 05:04:50 GMT",
  "content-type": "application/json;charset=UTF-8",
  "content-length": "158",
  "connection": "close",
  "x-content-type-options": "nosniff",
  "x-xss-protection": "1; mode=block",
  "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
  "pragma": "no-cache",
  "expires": "0",
  "strict-transport-security": "max-age=15724800; includeSubDomains",
  "x-frame-options": "DENY"
}

@JoaoOtavioS
Copy link

JoaoOtavioS commented Sep 29, 2023

Hey, good morning. I took the liberty of making a fork with almost 500 issues and 100 pull requests applied. If you want to check it out: https://github.com/squarecloudofc/http-proxy

Denoder added a commit to refactorjs/http-proxy that referenced this pull request Oct 22, 2023
@Denoder
Fix tests & add a few more pull requests
4dbda7a 
Added Pull Request from:
 - http-party/node-http-proxy#1634
- http-party/node-http-proxy#1638
- http-party/node-http-proxy#1650

fix tests that were having issues with the ports (if it fails the tests needs to be reran, seems to be an async issue)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@beary @JoaoOtavioS