Skip to content

[RQ-737]: Skip SSL Verification #308

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
TejaChitturi wants to merge 3 commits into
base: master
Choose a base branch
from
Open

[RQ-737]: Skip SSL Verification #308

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
edebecd
[RQ-737]: Skip SSL Verification
TejaChitturi Mar 18, 2026
d3af357
fixed edge cases
TejaChitturi Mar 23, 2026
aae9c99
added comment
TejaChitturi Mar 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 15 additions & 10 deletions src/main/actions/getProxiedAxios.ts
View file
Open in desktop
Copy link
Copy Markdown
Collaborator

@nsrCodes nsrCodes Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

needs a compatibility flag + a release plan

because even though the IPC call seems safe across version, we wouldn't want to show the feature on versions where the functionality isn't enforced

Original file line number Diff line number Diff line change
Expand Up @@ -91,31 +91,33 @@ function createAxiosInstance(
}),
});
} else {
instance = axios.create({
proxy: false,
});
instance = axios.create({ proxy: false });

instance.interceptors.request.use(async (requestConfig) => {
const { url: requestUrl } = requestConfig;
instance.interceptors.request.use(async (requestConfig: any) => {
const { url: requestUrl, sslVerificationDisabled } = requestConfig;

if (!requestUrl) {
return requestConfig;
}

const url = new URL(requestUrl);
const { hostname, port: urlPort, protocol } = url;
const port = urlPort ? parseInt(urlPort, 10) : (protocol === "https:" ? 443 : 80);

const isLocalhost = hostname === "localhost"
const isLocalhost = hostname === "localhost"
|| hostname === LOCAL_IPV4
|| hostname === `[${LOCAL_IPV6}]`
|| hostname === LOCAL_UNSPECIFIED;

if (isLocalhost) {
const port = urlPort ? parseInt(urlPort, 10) : protocol === "https:" ? 443 : 80;

const lookup = await createLocalhostLookup(port);
const agentOptions = {
lookup,
rejectUnauthorized: sslVerificationDisabled !== true, // false = skip SSL verification, true = enforce certificate validation
};

requestConfig.httpAgent = new http.Agent({ lookup });
requestConfig.httpsAgent = new https.Agent({ lookup });
requestConfig.httpsAgent = new https.Agent(agentOptions);

// Node.js skips DNS lookup for raw IP literals, so the custom lookup
// above has no effect. Rewrite the URL to the concrete working IP.
Expand All @@ -127,6 +129,9 @@ function createAxiosInstance(
requestConfig.url = requestUrl.replace(hostname, targetIp);
}
}
} else if (sslVerificationDisabled) {
// Handle standard web requests where SSL is bypassed
requestConfig.httpsAgent = new https.Agent({ rejectUnauthorized: false });
Comment on lines 96 to +134
Copy link
Copy Markdown
Collaborator

@nsrCodes nsrCodes Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

now that we have two things affecting the https agent config, can we structure this code better to be readable.

Copy link
Copy Markdown
Collaborator

@nsrCodes nsrCodes Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

discussed further on call

}

return requestConfig;
Expand Down Expand Up @@ -164,7 +169,7 @@ export const createOrUpdateAxiosInstance = (
};

/*
[Intentional] add cookies by default. In line with emulating browser behaviour.
[Intentional] add cookies by default. In line with emulating browser behaviour.
A better name could be excludeCredentials=false .
did this because a flag called `withCredentials` has now been released for extension
*/
Expand Down
2 changes: 2 additions & 0 deletions src/main/actions/makeApiClientRequest.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,8 @@ const makeApiClientRequest = async ({ apiRequest }) => {
validateStatus: () => {
return true;
},
// Pass the SSL flag down for the interceptor to handle
sslVerificationDisabled: apiRequest.sslVerificationDisabled === true,
});
const responseTime = performance.now() - requestStartTime;

Expand Down