feat: configurable rejectUnauthorized

README.md

@@ -167,11 +167,15 @@ Use [`roarr-cli`](https://github.com/gajus/roarr-cli) program to pretty-print th
  * @property environmentVariableNamespace Defines namespace of `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` environment variables. (Default: `GLOBAL_AGENT_`)
  * @property forceGlobalAgent Forces to use `global-agent` HTTP(S) agent even when request was explicitly constructed with another agent. (Default: `true`)
  * @property socketConnectionTimeout Destroys socket if connection is not established within the timeout. (Default: `60000`)
+ * @property rejectUnauthorized `false` - all invalid SSL certificates are ignored and no error is thrown.
+ *                              `true` - an error is thrown when an invalid SSL certificate is detected.
+ *                              (Default: `undefined`)
  */
 type ProxyAgentConfigurationInputType = {|
   +environmentVariableNamespace?: string,
   +forceGlobalAgent?: boolean,
   +socketConnectionTimeout?: number,
+  +rejectUnauthorized?: boolean,
 |};
 
 (configurationInput: ProxyAgentConfigurationInputType) => ProxyAgentConfigurationType;

src/classes/Agent.js

@@ -3,9 +3,6 @@
 import {
   serializeError,
 } from 'serialize-error';
-import {
-  boolean,
-} from 'boolean';
 import Logger from '../Logger';
 import type {
   AgentType,
@@ -34,6 +31,8 @@ class Agent {
 
   getUrlProxy: GetUrlProxyMethodType;
 
+  rejectUnauthorized: boolean;
+
   socketConnectionTimeout: number;
 
   constructor (
@@ -42,12 +41,14 @@ class Agent {
     getUrlProxy: GetUrlProxyMethodType,
     fallbackAgent: AgentType,
     socketConnectionTimeout: number,
+    rejectUnauthorized: boolean,
   ) {
     this.fallbackAgent = fallbackAgent;
     this.isProxyConfigured = isProxyConfigured;
     this.mustUrlUseProxy = mustUrlUseProxy;
     this.getUrlProxy = getUrlProxy;
     this.socketConnectionTimeout = socketConnectionTimeout;
+    this.rejectUnauthorized = rejectUnauthorized;
   }
 
   addRequest (request: *, configuration: *) {
@@ -146,21 +147,12 @@ class Agent {
         key: configuration.key,
         passphrase: configuration.passphrase,
         pfx: configuration.pfx,
-        rejectUnauthorized: configuration.rejectUnauthorized,
+        rejectUnauthorized: configuration.rejectUnauthorized === undefined ? this.rejectUnauthorized : configuration.rejectUnauthorized,
         secureOptions: configuration.secureOptions,
         secureProtocol: configuration.secureProtocol,
         servername: configuration.servername || connectionConfiguration.host,
         sessionIdContext: configuration.sessionIdContext,
       };
-
-      // This is not ideal because there is no way to override this setting using `tls` configuration if `NODE_TLS_REJECT_UNAUTHORIZED=0`.
-      // However, popular HTTP clients (such as https://github.com/sindresorhus/got) come with pre-configured value for `rejectUnauthorized`,
-      // which makes it impossible to override that value globally and respect `rejectUnauthorized` for specific requests only.
-      //
-      // eslint-disable-next-line no-process-env
-      if (typeof process.env.NODE_TLS_REJECT_UNAUTHORIZED === 'string' && boolean(process.env.NODE_TLS_REJECT_UNAUTHORIZED) === false) {
-        connectionConfiguration.tls.rejectUnauthorized = false;
-      }
     }
 
     // $FlowFixMe It appears that Flow is missing the method description.

src/factories/createGlobalProxyAgent.js

@@ -63,6 +63,7 @@ const createConfiguration = (configurationInput: ProxyAgentConfigurationInputTyp
   const defaultConfiguration = {
     environmentVariableNamespace: typeof environment.GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE === 'string' ? environment.GLOBAL_AGENT_ENVIRONMENT_VARIABLE_NAMESPACE : 'GLOBAL_AGENT_',
     forceGlobalAgent: typeof environment.GLOBAL_AGENT_FORCE_GLOBAL_AGENT === 'string' ? parseBoolean(environment.GLOBAL_AGENT_FORCE_GLOBAL_AGENT) : true,
+    rejectUnauthorized: typeof environment.NODE_TLS_REJECT_UNAUTHORIZED === 'string' ? parseBoolean(environment.NODE_TLS_REJECT_UNAUTHORIZED) : undefined,
     socketConnectionTimeout: typeof environment.GLOBAL_AGENT_SOCKET_CONNECTION_TIMEOUT === 'string' ? Number.parseInt(environment.GLOBAL_AGENT_SOCKET_CONNECTION_TIMEOUT, 10) : defaultConfigurationInput.socketConnectionTimeout,
   };
 
@@ -132,6 +133,7 @@ export default (configurationInput: ProxyAgentConfigurationInputType = defaultCo
         getUrlProxy(getHttpProxy),
         http.globalAgent,
         configuration.socketConnectionTimeout,
+        configuration.rejectUnauthorized,
       );
     }
   };
@@ -152,6 +154,7 @@ export default (configurationInput: ProxyAgentConfigurationInputType = defaultCo
         getUrlProxy(getHttpsProxy),
         https.globalAgent,
         configuration.socketConnectionTimeout,
+        configuration.rejectUnauthorized,
       );
     }
   };

src/types.js

@@ -57,10 +57,12 @@ export type ProxyAgentConfigurationInputType = {|
   +environmentVariableNamespace?: string,
   +forceGlobalAgent?: boolean,
   +socketConnectionTimeout?: number,
+  +rejectUnauthorized?: boolean,
 |};
 
 export type ProxyAgentConfigurationType = {|
   +environmentVariableNamespace: string,
   +forceGlobalAgent: boolean,
   +socketConnectionTimeout: number,
+  +rejectUnauthorized?: boolean,
 |};