For various reasons such as testing, you may need to disable SSL verification in Node.js applications. Although it’s not recommended for production, understanding how to disable SSL verification is part of development and debugging in Node.js. This post explores different methods to achieve this, covering npm config settings, environment variables, and popular Node.js HTTP client libraries like Requests, Axios, and Got.
Table of Contents
Disabling with npm config
To disable SSL verification globally for all Node.js applications using npm, you can modify the npm configuration using the following command:
npm config set strict-ssl false
Remember to reset this setting when you move to production environments.
Using Environment Variables
Another way to disable SSL verification is by setting environment variables:
NODE_TLS_REJECT_UNAUTHORIZED=0
Set this variable before you run your Node.js application to ignore SSL errors.
(or)
add the environment variable in the beginning of the main .js file.
process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
Disabling in the Request Package
With the Request package, disable SSL verification by setting the option strictSSL to false:
const request = require('request');
const options = {
url: 'https://example.com',
strictSSL: false
};
request(options, (error, response, body) => {
// ...
});
Disabling in Axios
Axios is a popular HTTP client and to disable SSL verification you can modify the httpsAgent:
const axios = require('axios');
const https = require('https');
const httpsAgent = new https.Agent({
rejectUnauthorized: false
});
axios.get('https://example.com', { httpsAgent })
.then(response => {
// ...
});
Note that disabling SSL verification may expose you to security risks.
Disabling in Got
Got is a human-friendly and powerful HTTP request library for Node.js. To disable SSL verification:
const got = require('got');
(async () => {
try {
const response = await got('https://example.com', {
https: { rejectUnauthorized: false }
});
console.log(response.body);
} catch (error) {
console.log(error.response.body);
}
})();
Conclusive Summary
This tutorial covered several methods to disable SSL verification in Node.js applications. While useful for development and troubleshooting, it is crucial to ensure SSL verification is enabled in production to maintain security. Employ these practices responsibly and revert changes when they are no longer needed.
