Added optional support for allowing unauthorized TLS/SSL certificate …

…requests in runtimes which support it.
ngnjs · Sep 13, 2022 · d074fd5 · d074fd5
1 parent 1c7f117
commit d074fd5
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@ngnjs/net",
-  "version": "1.0.0-alpha.23",
+  "version": "1.0.0-alpha.24",
   "description": "A network communications plugin for NGN.",
   "main": "./src/index.js",
   "module": "index.js",

diff --git a/src/Resource.js b/src/Resource.js
@@ -139,7 +139,8 @@ export default class Resource extends Client {
        * - `error`: abort with an error if a redirect occurs
        * - `manual`: handle redirects manually
        */
-      redirect: coalesce(cfg.redirect, this.#redirect, 'follow')
+      redirect: coalesce(cfg.redirect, this.#redirect, 'follow'),
+      allowInvalidCertificates: coalesceb(cfg.allowInvalidCertificates, false)
     })
 
     /**
@@ -229,6 +230,13 @@ export default class Resource extends Client {
      * Set this to true to rewrite all URL's to use HTTPS.
      */
 
+    /**
+     * @cfg {boolean} [allowInvalidCertificates=false]
+     * Allow HTTPS requests even if the certificate cannot be validated.
+     * @warning This only works in JavaScript runtimes that allow
+     * unauthorized certificates to be used.
+     */
+
     /**
      * @cfg {boolean} [nocache=false]
      * This sets the `Cache-Control` header to `no-cache`.

diff --git a/src/lib/Request.js b/src/lib/Request.js
@@ -42,6 +42,7 @@ export default class Request extends NGN.EventEmitter { // eslint-disable-line n
   #verifyKey
   #encryptKey
   #decryptKey
+  #allowInvalidCertificates = true
 
   constructor (cfg = {}) {
     super()
@@ -204,6 +205,8 @@ export default class Request extends NGN.EventEmitter { // eslint-disable-line n
      */
     this.mode = coalesceb(cfg.mode)
 
+    this.#allowInvalidCertificates = coalesceb(cfg.allowInvalidCertificates, false)
+
     Object.defineProperties(this, {
       /**
        * @cfg {boolean} [enforceMethodSafety=true]
@@ -415,6 +418,21 @@ export default class Request extends NGN.EventEmitter { // eslint-disable-line n
     this.prepareBody()
   }
 
+  /**
+   * @cfgproperty {boolean} [allowInvalidCertificates=true]
+   * When set to true, invalid TLS/SSL certificates will
+   * be ignored. This only applies to JavaScript runtimes
+   * which allow unverified HTTPS connections. Most browser
+   * engines do not support this.
+   */
+  get allowInvalidCertificates () {
+    return !this.#allowInvalidCertificates
+  }
+
+  set allowInvalidCertificates (value) {
+    this.#allowInvalidCertificates = !value
+  }
+
   /**
    * @cfgproperty {string} signingKey
    * The private key used to sign requests. This can
@@ -986,7 +1004,8 @@ export default class Request extends NGN.EventEmitter { // eslint-disable-line n
       cache: this.#cache,
       redirect: this.redirect,
       referrer: coalesceb(this.referrer),
-      referrerPolicy: this.#referrerPolicy
+      referrerPolicy: this.#referrerPolicy,
+      rejectUnauthorized: !this.#allowInvalidCertificates
     }
 
     if (this.#cache === 'only-if-cached' || this.#mode !== null) {