I need to disable peer SSL validation for some of my https
requests using node.js
Right now I use node-fetch
package which doesn't have that option, as far as I know.
That should be something like CURL's CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false
Does any networking package allow to do so? Is there a way to skip SSL validation in axios maybe?
Axios doesn't address that situation so far - you can try:
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
BUT THAT'S A VERY BAD IDEA since it disables SSL across the whole node server.
Or, you can configure axios to use a custom agent and set rejectUnauthorized
to false
for that agent as mentioned here.
Example:
// At instance level
const instance = axios.create({
httpsAgent: new https.Agent({
rejectUnauthorized: false
})
});
instance.get('https://something.com/foo');
// At request level
const agent = new https.Agent({
rejectUnauthorized: false
});
axios.get('https://something.com/foo', { httpsAgent: agent });