Respect NODE_TLS_REJECT_UNAUTHORIZED environment variable #1638

Open: wants to merge 1 commit into base: master

@beary beary commented May 17, 2023

vercel/next.js#49546 (comment)
vercel/next.js#45743

NODE_TLS_REJECT_UNAUTHORIZED does not work when proxying to an https target, because the rejectUnauthorized parameter was specified.

So I use NODE_TLS_REJECT_UNAUTHORIZED as the value of rejectUnauthorized when secure wasn't specified.

This is my test code:

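/* test.js */
// Environment values are strings; '0' is the value that disables certificate verification.
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0'
const httpProxy = require('./lib/http-proxy')

// `secure` is deliberately left unset so the environment variable decides.
const proxy = httpProxy.createServer({
  target: '<Some unsafe https url>',
  changeOrigin: true,
  ignorePath: false,
  xfwd: true,
  ws: true,
  followRedirects: false,
})
proxy.on('error', e => {
  console.log('Proxy error:', e)
})
proxy.on('proxyRes', (proxyRes, req, res) => {
  // Second argument of JSON.stringify is the replacer; null means "no filtering".
  console.log('RAW Response from the target', JSON.stringify(proxyRes.headers, null, 2));
})
proxy.listen(8003)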

Before:

$ node test.js
(node:9292) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
Proxy error: Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket._finishInit (node:_tls_wrap:959:8)
    at ssl.onhandshakedone (node:_tls_wrap:743:12) {
  code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
}

After:

$ node test
(node:17712) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
RAW Response from the target {
  "date": "Wed, 17 May 2023 05:04:50 GMT",
  "content-type": "application/json;charset=UTF-8",
  "content-length": "158",
  "connection": "close",
  "x-content-type-options": "nosniff",
  "x-xss-protection": "1; mode=block",
  "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
  "pragma": "no-cache",
  "expires": "0",
  "strict-transport-security": "max-age=15724800; includeSubDomains",
  "x-frame-options": "DENY"
}
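An added illustration, not code from this pull request or from http-proxy: it models the before and after behaviour described in the comment above and audits which upstream targets end up without certificate verification. The function names, the `Boolean()` coercion and the sample targets are assumptions made for the example.

```javascript
// Hypothetical model of the behaviour discussed in this PR (not http-proxy's API).

// Node's TLS layer turns verification off only when the variable is exactly '0'.
function envAllowsUnauthorized(env) {
  return env.NODE_TLS_REJECT_UNAUTHORIZED === '0';
}

// "Before": an unset `secure` still yields rejectUnauthorized = true,
// so the environment variable has no effect on proxied connections.
function rejectUnauthorizedBefore(options) {
  return typeof options.secure === 'undefined' ? true : Boolean(options.secure);
}

// "After": an unset `secure` defers to the environment variable;
// an explicit `secure` value still wins.
function rejectUnauthorizedAfter(options, env) {
  if (typeof options.secure === 'undefined') return !envAllowsUnauthorized(env);
  return Boolean(options.secure);
}

// Report, per target, whether the upstream certificate is verified and why not.
function auditProxyTargets(targets, env) {
  return targets.map(({ name, options }) => {
    const verified = rejectUnauthorizedAfter(options, env);
    let reason = 'verified';
    if (!verified) {
      reason = typeof options.secure === 'undefined'
        ? 'disabled by NODE_TLS_REJECT_UNAUTHORIZED'
        : 'disabled by secure option';
    }
    return { name, verified, reason };
  });
}

// Constructed sample targets; names and hosts are placeholders.
const SAMPLE_TARGETS = [
  { name: 'api', options: { target: 'https://api.internal.example' } },
  { name: 'billing', options: { target: 'https://billing.internal.example', secure: true } },
  { name: 'legacy', options: { target: 'https://legacy.internal.example', secure: false } },
];

// Constructed environment, as if the variable had been exported for the process.
const SAMPLE_ENV = { NODE_TLS_REJECT_UNAUTHORIZED: '0' };

for (const row of auditProxyTargets(SAMPLE_TARGETS, SAMPLE_ENV)) {
  console.log(`${row.name}: ${row.reason}`);
}
```

In this model, a target that sets `secure: true` explicitly stays verified whatever the environment contains, while a target that leaves `secure` unset inherits the process-wide setting.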

@JoaoOtavioS

Hey, good morning. I took the liberty of making a fork with almost 500 issues and 100 pull requests applied. If you want to check it out: https://github.com/squarecloudofc/http-proxy

Denoder added a commit to refactorjs/http-proxy that referenced this pull request Oct 22, 2023
Added Pull Request from:
- http-party/node-http-proxy#1634
- http-party/node-http-proxy#1638
- http-party/node-http-proxy#1650

fix tests that were having issues with the ports (if it fails the tests need to be rerun, seems to be an async issue)