3

What is the difference between strictSSL=false and rejectUnauthorized=false options in NodeJS?

The names are confusing and I did not find documentation explaining the difference.

Andrew Rukin

2 Answers

2

I think these two flag options are used in different contexts and are not exactly comparable. On one hand, you can look at the rejectUnauthorized=false flag in the Node runtime context, which does as quoted in this answer:

By setting rejectUnauthorized: false, you're saying "I don't care if I can't verify the server's identity." Obviously, this is not a good solution as it leaves you vulnerable to MITM attacks.

Whereas you can look at strictSSL=false as more of a build and setup context, as this is the flag you pass to npm when installing dependencies from an HTTP source rather than HTTPS, as mentioned in this post.

HTH.

damitj07
1

The difference between the two is that strictSSL is part of the request package and rejectUnauthorized is a native property of NodeJS. Both do the exact same thing in the end though. In the request package, rejectUnauthorized is set to false when strictSSL is set to false, which you can see here.

Gijs
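The mapping described in the answer above, plus a check for configurations that turn certificate verification off, as an added example that is not code from the request package, Node, or either answer. The function names and sample configs are constructed for illustration; `strictSSL`, `rejectUnauthorized`, `ca` and the `NODE_TLS_REJECT_UNAUTHORIZED` environment variable are the real setting names.

```javascript
// Added example; function names and sample configs are constructed for illustration.

// Models the mapping described in the answer above: a request-style
// `strictSSL: false` becomes Node's `rejectUnauthorized: false`.
function toNodeTlsOptions(opts) {
  const out = {};
  if (opts.rejectUnauthorized !== undefined) out.rejectUnauthorized = opts.rejectUnauthorized;
  if (opts.strictSSL === false) out.rejectUnauthorized = false;
  if (opts.ca !== undefined) out.ca = opts.ca;
  return out;
}

// Reports why certificate verification is off, or null when it is on.
// An explicit option wins; otherwise Node verifies unless the
// NODE_TLS_REJECT_UNAUTHORIZED environment variable is '0'.
function verificationDisabledBy(opts, env = process.env) {
  if (opts.strictSSL === false) return 'strictSSL=false';
  const tls = toNodeTlsOptions(opts);
  if (tls.rejectUnauthorized === false) return 'rejectUnauthorized=false';
  if (tls.rejectUnauthorized === undefined && env.NODE_TLS_REJECT_UNAUTHORIZED === '0') {
    return 'NODE_TLS_REJECT_UNAUTHORIZED=0';
  }
  return null;
}

// Audits a map of named client configs and lists the ones that skip verification.
function auditConfigs(configs, env = process.env) {
  return Object.entries(configs)
    .map(([name, opts]) => ({ name, reason: verificationDisabledBy(opts, env) }))
    .filter((finding) => finding.reason !== null);
}

// Constructed sample configs: two weak ones, the corrected form (verification
// stays on and an internal CA is trusted through `ca`), and a default client.
const sampleConfigs = {
  legacyRequestClient: { url: 'https://internal.example/api', strictSSL: false },
  rawHttpsClient: { host: 'internal.example', rejectUnauthorized: false },
  fixedClient: { host: 'internal.example', ca: '<PEM of internal CA>', rejectUnauthorized: true },
  defaultClient: { host: 'internal.example' },
};

console.log(auditConfigs(sampleConfigs, {}));
```
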