Menu
I need to disable peer SSL validation for some of my https requests using node.js
Right now I use node-fetch package which doesn't have that option, as far as I know.
That should be something like CURL's CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false
Does any networking package allow to do so? Is there a way to skip SSL validation in axios maybe?
857
The easiest solution to resolve these errors is to use the “rejectUnauthorized” option shown below. However, this method is unsafe because it disables the server certificate verification, making the Node app open to MITM attack.
Axios doesn't address that situation so far - you can try:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
BUT THAT'S A VERY BAD IDEA since it disables SSL across the whole node server.
Or, you can configure axios to use a custom agent and set rejectUnauthorized to false for that agent as mentioned here.
Example:
const https = require('https');
const axios = require('axios')
//or
// import https from 'https';
// import axios from 'axios';
// At instance level
const instance = axios.create({
httpsAgent: new https.Agent({
rejectUnauthorized: false
})
});
instance.get('https://something.com/foo');
// At request level
const agent = new https.Agent({
rejectUnauthorized: false
});
axios.get('https://something.com/foo', { httpsAgent: agent });
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
