Cleanup parameters for proxied https requests.

Cimpress-MCP · Apr 27, 2015 · f69accb · f69accb
1 parent 0744ebe
commit f69accb
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 7 deletions.
diff --git a/lib/proxy/config.js b/lib/proxy/config.js
@@ -48,8 +48,13 @@ function ProxyConfig(config) {
     }
 
     // If we know that the host behind the reverse proxy is serving https but is not doing so on port 443, we can force
-    // the use of the HTTPS_AGENT by setting the secure config param.
-    Object.defineProperty(this_obj, 'secure', { 'value': config.secure, writable: false, enumerable: true });
+    // the use of the HTTPS_AGENT by setting the to_port_is_https config param.
+    Object.defineProperty(this_obj, 'to_port_is_https', { 'value': config.to_port_is_https, writable: false, enumerable: true });
+
+    // By default, we will validate the cert of proxied or reverse-proxied requests if the target server is HTTPS.
+    var validate_target_cert = true;
+    if (config.validate_target_cert) validate_target_cert = config.validate_target_cert;
+    Object.defineProperty(this_obj, 'validate_target_cert', { 'value': validate_target_cert, writable: false, enumerable: true });
 
     // An optional object defining quotas to apply to inbound requests.
     Object.defineProperty(this_obj, 'quotas', { 'value': (config.quotas || {thresholds:{}}), writable: false, enumerable: true});

diff --git a/lib/proxy/index.js b/lib/proxy/index.js
@@ -122,7 +122,7 @@ Proxy.prototype.getConnectProxyApp = function() {
 
       this_obj.logger.debug('headers:\n%s', require('util').inspect(req.headers));
       this_obj.logger.debug('url: %s', req.target_url);
-      proxy.web(req, res, {agent: agent, target: req.target_url, secure: false});
+      proxy.web(req, res, {agent: agent, target: req.target_url, secure: this_obj.config.validate_target_cert});
     }
   );
 };
@@ -203,9 +203,11 @@ Proxy.prototype.getConnectReverseProxyApp = function() {
     function(req, res) {
       // Proxy a web request to the target port on localhost using the provided agent.
       // If no agent is provided, node-http-proxy will return a connection: close.
-      var agent = this_obj.config.to_port === 443 || this_obj.config.secure ? HTTPS_AGENT : HTTP_AGENT;
+      var https = this_obj.config.to_port === 443 || this_obj.config.to_port_is_https;
+      var agent = https ? HTTPS_AGENT : HTTP_AGENT;
+      var secure = https && this_obj.config.validate_target_cert;
 
-      proxy.web(req, res, {agent: agent, target: { 'host' : this_obj.config.target_host, 'port' : this_obj.config.to_port }});
+      proxy.web(req, res, {agent: agent, target: { 'host' : this_obj.config.target_host, 'port' : this_obj.config.to_port, 'secure': secure }});
     }
   );
 };
@@ -257,12 +259,12 @@ Proxy.prototype.start = function(cb) {
     var backup_server = create_http_server();
     /* istanbul ignore next */
     backup_server.on('listening', function(err) {
-      if (err) return this_obj.logger.info("Not listening on backup server due to error: %s", err);
+      if (err) return this_obj.logger.debug("Not listening on backup server due to error: %s", err);
 
       Object.defineProperty(this_obj, 'backup_server', { 'value': backup_server, writable: false, enumerable: true });
     });
     backup_server.on('error', function(err) {
-      if (err) return this_obj.logger.info("Backup server init error: %s", err);
+      if (err) return this_obj.logger.debug("Backup server init error: %s", err);
     });
     backup_server.listen(this_obj.config.from_port, '0.0.0.0');