Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Respect NODE_TLS_REJECT_UNAUTHORIZED environment variable #1638

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

beary
Copy link

@beary beary commented May 17, 2023

vercel/next.js#49546 (comment)
vercel/next.js#45743

NODE_TLS_REJECT_UNAUTHORIZED does not work when proxy to https target. Because the rejectUnauthorized parameter was specified.

So I use the NODE_TLS_REJECT_UNAUTHORIZED as the rejectUnauthorized's value when secure wasn't specified.

This is my test code

/* test.js */
process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0
const httpProxy = require('./lib/http-proxy')

const proxy = httpProxy.createServer({
  target: '<Some unsafe https url>',
  changeOrigin: true,
  ignorePath: false,
  xfwd: true,
  ws: true,
  followRedirects: false,
})
proxy.on('error', e => {
  console.log('Proxy error:', e)
})
proxy.on('proxyRes', (proxyRes, req, res) => {
  console.log('RAW Response from the target', JSON.stringify(proxyRes.headers, true, 2));
})
proxy.listen(8003)

Before:

$ node test.js
(node:9292) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
Proxy error: Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1540:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket._finishInit (node:_tls_wrap:959:8)
    at ssl.onhandshakedone (node:_tls_wrap:743:12) {
  code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
}

After:

$ node test
(node:17712) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
RAW Response from the target {
  "date": "Wed, 17 May 2023 05:04:50 GMT",
  "content-type": "application/json;charset=UTF-8",
  "content-length": "158",
  "connection": "close",
  "x-content-type-options": "nosniff",
  "x-xss-protection": "1; mode=block",
  "cache-control": "no-cache, no-store, max-age=0, must-revalidate",
  "pragma": "no-cache",
  "expires": "0",
  "strict-transport-security": "max-age=15724800; includeSubDomains",
  "x-frame-options": "DENY"
}

@JoaoOtavioS
Copy link

Hey, good morning. I took the liberty of making a fork with almost 500 issues and 100 pull requests applied. If you want to check it out: https://github.com/squarecloudofc/http-proxy

Denoder added a commit to refactorjs/http-proxy that referenced this pull request Oct 22, 2023
Added Pull Request from:
 - http-party/node-http-proxy#1634
- http-party/node-http-proxy#1638
- http-party/node-http-proxy#1650

fix tests that were having issues with the ports (if it fails the tests needs to be reran, seems to be an async issue)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants