37

I need to disable peer SSL validation for some of my https requests using node.js Right now I use node-fetch package which doesn't have that option, as far as I know.

That should be something like CURL's CURLOPT_SSL_VERIFYPEER => false, CURLOPT_SSL_VERIFYHOST => false

Does any networking package allow to do so? Is there a way to skip SSL validation in axios maybe?

Cœur
  • 37,241
  • 25
  • 195
  • 267
Dmitry Samoylov
  • 1,228
  • 3
  • 17
  • 27

1 Answers1

80

Axios doesn't address that situation so far - you can try:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

BUT THAT'S A VERY BAD IDEA since it disables SSL across the whole node server.

Or, you can configure axios to use a custom agent and set rejectUnauthorized to false for that agent as mentioned here.

Example:

const https = require('https');
const axios = require('axios')
//or
// import https from 'https';
// import axios from 'axios';

// At instance level
const instance = axios.create({
  httpsAgent: new https.Agent({  
    rejectUnauthorized: false
  })
});

instance.get('https://something.com/foo');

// At request level
const agent = new https.Agent({  
  rejectUnauthorized: false
});

axios.get('https://something.com/foo', { httpsAgent: agent });
Oleg Abrazhaev
  • 2,751
  • 2
  • 28
  • 41
iLuvLogix
  • 5,920
  • 3
  • 26
  • 43