feat: support insecure flag on Config #59

Closed

mattrobenolt
Member

  • Allows passing 'insecure' bool. This has no production ramifications,
    if someone were to do this, we don't even listen on port 80. The
    application is for local dev, or in other unique environments. This is
    a common pattern to have secure-by-default, but opt into insecure with
    an explicit flag, see grpc-go APIs.
  • Unifies a bit of url building, and adopt a more service/method
    pattern

If you can guide me on how to write a test for this, that'd be great. This is all foreign to me. 😇

@dgraham
Member

dgraham commented Aug 24, 2022

When testing against the local development server, we've been adding this to the test script and accepting the self-signed certificate with a browser so it's added to the keychain.

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = '0'

We can't publish a product with an insecure mode, so does this unblock you or is there another workaround needed?

@mattrobenolt
Member Author

It doesn't unblock me because locally, I have a non-https server running, so I'll need to figure an alternative route or just keep this patch applied locally for myself.

I would still strongly say this isn't any insecurity for production since production servers don't even listen on 80, so a connection cannot be established and no data would be transmitted insecurely.

Tangentially, I'm exploring building a local emulator/simulator https://github.com/mattrobenolt/ps-http-sim which has been nice for me to test with rather than a real edge environment.

@dgraham
Member

dgraham commented Aug 24, 2022

> I'm exploring building a local emulator/simulator

Oh, cool! That could be useful for me too. I'll close this out for now.
