fix: stop ignoring NODE_TLS_REJECT_UNAUTHORIZED when strictSSL is not defined #316
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This was brought up before in #257. Given its use in Is this a breaking change? |
|
Hey @wraithgar, confirming this is a non-breaking change. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
wraithgar
changed the title
wraithgar
changed the title
This was referenced Oct 16, 2024
Merged
|
|
wraithgar
changed the title
wraithgar
approved these changes
Oct 21, 2024
Merged
wraithgar
pushed a commit
that referenced
this pull request
Oct 23, 2024
🤖 I have created a release *beep* *boop* --- ## [14.0.3](v14.0.2...v14.0.3) (2024-10-21) ### Bug Fixes * [`3e0fe87`](3e0fe87) [#316](#316) stop ignoring NODE_TLS_REJECT_UNAUTHORIZED when strictSSL is not defined (#316) (@brunoargolo, Bruno Oliveira) ### Dependencies * [`05fbcc3`](05fbcc3) [#327](#327) bump negotiator from 0.6.4 to 1.0.0 (#327) (@dependabot[bot]) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently NODE_TLS_REJECT_UNAUTHORIZED is simply ignored as options.rejectUnauthorized is always set to false when strictSSL is not defined.
Most notably this causes issues for users behind corporate proxies using npm and pnpm when installing a package that uses node-gyp. Example: nodejs/node-gyp#2663
This change only takes into account NODE_TLS_REJECT_UNAUTHORIZED when strictSSL is not passed to fetch.
unit tests were added to ensure strictSSL is still the primary driver.