fetch() SSL disable certificate validation

[marek-benes]

Hello, is there any way to disable SSL certificate validation for self-signed certificates or expired ones?

Thank you.

[bnoordhuis]

Yes, pass { rejectUnauthorized: false } in the options argument to tls.connect(), https.request(), etc.

[marek-benes]

const response = await fetch("https://google.com", { method: "get", body: body });

But there is no option argument to passrejectUnauthorized property.

[bnoordhuis]

Oh sorry, you did mention fetch(). That's a web API so no, no escape hatch. You wouldn't have one in the browser either.

[shivkumar-jirwankar]

any solution for fetch api?

[gusttavonl]

use this in your fetch

const https = require('https'); // or import https from 'https'
const agent = new https.Agent({
    rejectUnauthorized: false,
});
fetch("https://google.com", { method: "get", body: body, agent });

[gusttavonl]

@Ju777 Of course, React Version: 18.2.0, Node: 16.16.0 and Webpack: 5.75.0

[Ju777]

Ok thanks @gustavonoronha0 .

There is a weird thing, because I did not install any Webpack version as I create my app with CRA npx create-react-app my_app_name . And as far as I know, there is a Webpack "under the hood" in that case.

I think that's the reason why I don't have any webpack.config.js .

[juinson]

so, do you guys have any idea to solve this case ?
coz i spend 2 times 24 hours and had no idea

[juinson]

i have tried https-proxy-agent and so on, even use server proxy

[Taschenbuch]

this whole thread in this discussion is confusing.
Are we talking about the same thing: build in fetch in nodejs?
The nodejs build in fetch does not accept a "agent" parameter. sounds like you talk about node-fetch package or browser api fetch. https is part of nodejs so no need to install it.
But the other accepted undici answer works for me.

[exseniarch]

Obviously on localhost it's a matter of CORS

http://www.linkedin.com/in/exseniarch

[KhafraDev]

Using the built in fetch with undici, you can do

import { Agent, setGlobalDispatcher } from 'undici'

const agent = new Agent({
  connect: {
    rejectUnauthorized: false
  }
})

setGlobalDispatcher(agent)

await fetch('...')

[KhafraDev]

Yes, you have to install undici. setGlobalDispatcher works by using a global symbol so the global dispatcher can be set from undici but also used in node's fetch.

[zap-dev1]

Okay makes sense, thank you!

[mherb63]

when I do the import
import { Agent, setGlobalDispatcher } from 'undici'

I get this error in the console

any ideas?

[KhafraDev]

undici doesn't work in the browser

[mherb63]

oh I see...thanks for the reply

[silverwind]

For anyone looking to do this without dependencies, e.g. for scripting use:

#!/usr/bin/env -S node --no-warnings
process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
await fetch("https://localhost");

The lengths one has to go through with built-in fetch for the simplest of things are truly astonishing.

[LqdBcnAtWork]

Why can't we set this per-fetch call?

Would be so much better than throwing a warning and disabling tls basically globally. Like really, we're not writing code to be run client side when it comes to Node. Let me send post requests to the modem I'm trying to auto configure that has a self-signed SSL.

I'm not expecting answers, just frustrated at how long it took me to find an actual answer to this.

Edit: very important word forgotten

[guscsales]

This works, but anyone that reading this message, please use only for development mode