Skip to content

Commit

Permalink
Make the enableUnixSockets to be false by default
Browse files Browse the repository at this point in the history
  • Loading branch information
sindresorhus committed May 27, 2023
1 parent 52a1063 commit 852c312
Show file tree
Hide file tree
Showing 4 changed files with 15 additions and 12 deletions.
11 changes: 5 additions & 6 deletions documentation/2-options.md
Original file line number Diff line number Diff line change
Expand Up @@ -944,9 +944,9 @@ As the [specification](https://tools.ietf.org/html/rfc7231#section-6.4) prefers
### `enableUnixSockets`

**Type: `boolean`**\
**Default: `true`**
**Default: `false`**

When enabled, requests can also be sent via [UNIX Domain Sockets](https://serverfault.com/questions/124517/what-is-the-difference-between-unix-sockets-and-tcp-ip-sockets). Please note that in the upcoming major release (Got v13) this default will be changed to `false` for security reasons.
When enabled, requests can also be sent via [UNIX Domain Sockets](https://serverfault.com/questions/124517/what-is-the-difference-between-unix-sockets-and-tcp-ip-sockets).

> **Warning**
> Make sure you do your own URL sanitizing if you accept untrusted user input for the URL.
Expand All @@ -965,11 +965,10 @@ await got('http://unix:/var/run/docker.sock:/containers/json', {enableUnixSocket
// Or without protocol (HTTP by default)
await got('unix:/var/run/docker.sock:/containers/json', {enableUnixSockets: true});

// Disable Unix sockets
const gotUnixSocketsDisabled = got.extend({enableUnixSockets: false});
// Enable Unix sockets for the whole instance.
const gotWithUnixSockets = got.extend({enableUnixSockets: true});

// RequestError: Using UNIX domain sockets but option `enableUnixSockets` is not enabled
await gotUnixSocketsDisabled('http://unix:/var/run/docker.sock:/containers/json');
await gotWithUnixSockets('http://unix:/var/run/docker.sock:/containers/json');
```

## Methods
Expand Down
2 changes: 1 addition & 1 deletion source/core/options.ts
Original file line number Diff line number Diff line change
Expand Up @@ -827,7 +827,7 @@ const defaultInternals: Options['_internals'] = {
setHost: true,
maxHeaderSize: undefined,
signal: undefined,
enableUnixSockets: true,
enableUnixSockets: false,
};

const cloneInternals = (internals: typeof defaultInternals) => {
Expand Down
8 changes: 5 additions & 3 deletions test/redirects.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,14 +46,16 @@ test('cannot redirect to UNIX protocol when UNIX sockets are enabled', withServe
server.get('/protocol', unixProtocol);
server.get('/hostname', unixHostname);

t.true(got.defaults.options.enableUnixSockets);
const gotUnixSocketsEnabled = got.extend({enableUnixSockets: true});

await t.throwsAsync(got('protocol'), {
t.true(gotUnixSocketsEnabled.defaults.options.enableUnixSockets);

await t.throwsAsync(gotUnixSocketsEnabled('protocol'), {
message: 'Cannot redirect to UNIX socket',
instanceOf: RequestError,
});

await t.throwsAsync(got('hostname'), {
await t.throwsAsync(gotUnixSocketsEnabled('hostname'), {
message: 'Cannot redirect to UNIX socket',
instanceOf: RequestError,
});
Expand Down
6 changes: 4 additions & 2 deletions test/unix-socket.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,11 @@ import process from 'process';
import {format} from 'util';
import test from 'ava';
import type {Handler} from 'express';
import got from '../source/index.js';
import baseGot from '../source/index.js';
import {withSocketServer} from './helpers/with-server.js';

const got = baseGot.extend({enableUnixSockets: true});

const okHandler: Handler = (_request, response) => {
response.end('ok');
};
Expand All @@ -21,7 +23,7 @@ if (process.platform !== 'win32') {
server.on('/', okHandler);

const url = format('http://unix:%s:%s', server.socketPath, '/');
t.is((await got(url)).body, 'ok');
t.is((await got(url, {})).body, 'ok');
});

test('protocol-less works', withSocketServer, async (t, server) => {
Expand Down

0 comments on commit 852c312

Please # to comment.