From e632d2bb692a22fe2d8f9b6e26105f2e3a0689e4 Mon Sep 17 00:00:00 2001 From: Steve Sanderson Date: Fri, 7 Jul 2017 12:05:07 +0100 Subject: [PATCH] In domain-task/fetch, only apply HTTPS cert validation workaround for HTTPS requests (not HTTP) --- .../npm/domain-task/package.json | 2 +- .../npm/domain-task/src/fetch.ts | 18 +++++++++++------- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/package.json b/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/package.json index 7a53414..b22be85 100644 --- a/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/package.json +++ b/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/package.json @@ -1,6 +1,6 @@ { "name": "domain-task", - "version": "3.0.2", + "version": "3.0.3", "description": "Tracks outstanding operations for a logical thread of execution", "main": "index.js", "scripts": { diff --git a/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/src/fetch.ts b/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/src/fetch.ts index 3bd76ca..fa576cf 100644 --- a/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/src/fetch.ts +++ b/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/src/fetch.ts @@ -6,6 +6,7 @@ import { baseUrl } from './main'; const isomorphicFetch = require('isomorphic-fetch'); const isNode = typeof process === 'object' && process.versions && !!process.versions.node; const nodeHttps = isNode && require('https'); +const isHttpsRegex = /^https\:/; function issueRequest(baseUrl: string, req: string | Request, init?: RequestInit): Promise { const reqUrl = (req instanceof Request) ? req.url : req; @@ -30,11 +31,11 @@ function issueRequest(baseUrl: string, req: string | Request, init?: RequestInit `); } - init = applyHttpsAgentPolicy(init, isRelativeUrl); + init = applyHttpsAgentPolicy(init, isRelativeUrl, baseUrl); return isomorphicFetch(req, init); } -function applyHttpsAgentPolicy(init: RequestInit, isRelativeUrl: boolean): RequestInit { +function applyHttpsAgentPolicy(init: RequestInit, isRelativeUrl: boolean, baseUrl: string): RequestInit { // HTTPS is awkward in Node because it uses a built-in list of CAs, rather than recognizing // the OS's system-level CA list. There are dozens of issues filed against Node about this, // but still (as of v8.0.0) no resolution besides manually duplicating your CA config. @@ -54,12 +55,15 @@ function applyHttpsAgentPolicy(init: RequestInit, isRelativeUrl: boolean): Reque // for 'agent' (which would let you set up other HTTPS-handling policies), then we automatically // disable cert verification for that request. if (isNode && isRelativeUrl) { - const hasAgentConfig = init && ('agent' in init); - if (!hasAgentConfig) { - const agentForRequest = new (nodeHttps.Agent)({ rejectUnauthorized: false }); + const isHttps = baseUrl && isHttpsRegex.test(baseUrl); + if (isHttps) { + const hasAgentConfig = init && ('agent' in init); + if (!hasAgentConfig) { + const agentForRequest = new (nodeHttps.Agent)({ rejectUnauthorized: false }); - init = init || {}; - (init as any).agent = agentForRequest; + init = init || {}; + (init as any).agent = agentForRequest; + } } }