In domain-task/fetch, only apply HTTPS cert validation workaround for HTTPS requests (not HTTP)

SteveSandersonMS · SteveSandersonMS · commit e632d2bb692a · 2017-07-07T12:07:12.000+01:00
diff --git a/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/package.json b/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/package.json
@@ -1,6 +1,6 @@
{
 "name": "domain-task",
- "version": "3.0.2",
+ "version": "3.0.3",
 "description": "Tracks outstanding operations for a logical thread of execution",
 "main": "index.js",
 "scripts":{
diff --git a/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/src/fetch.ts b/src/Microsoft.AspNetCore.SpaServices/npm/domain-task/src/fetch.ts
@@ -6,6 +6,7 @@ import{baseUrl } from './main';
 const isomorphicFetch = require('isomorphic-fetch');
 const isNode = typeof process === 'object' && process.versions && !!process.versions.node;
 const nodeHttps = isNode && require('https');
+const isHttpsRegex = /^https\:/;
 
 function issueRequest(baseUrl: string, req: string | Request, init?: RequestInit): Promise<any>{
 const reqUrl = (req instanceof Request) ? req.url : req;
@@ -30,11 +31,11 @@ function issueRequest(baseUrl: string, req: string | Request, init?: RequestInit
 `);
 }
 
- init = applyHttpsAgentPolicy(init, isRelativeUrl);
+ init = applyHttpsAgentPolicy(init, isRelativeUrl, baseUrl);
 return isomorphicFetch(req, init);
 }
 
-function applyHttpsAgentPolicy(init: RequestInit, isRelativeUrl: boolean): RequestInit{
+function applyHttpsAgentPolicy(init: RequestInit, isRelativeUrl: boolean, baseUrl: string): RequestInit{
 // HTTPS is awkward in Node because it uses a built-in list of CAs, rather than recognizing
 // the OS's system-level CA list. There are dozens of issues filed against Node about this,
 // but still (as of v8.0.0) no resolution besides manually duplicating your CA config.
@@ -54,12 +55,15 @@ function applyHttpsAgentPolicy(init: RequestInit, isRelativeUrl: boolean): Reque
 // for 'agent' (which would let you set up other HTTPS-handling policies), then we automatically
 // disable cert verification for that request.
 if (isNode && isRelativeUrl){
- const hasAgentConfig = init && ('agent' in init);
- if (!hasAgentConfig){
- const agentForRequest = new (nodeHttps.Agent)({rejectUnauthorized: false });
+ const isHttps = baseUrl && isHttpsRegex.test(baseUrl);
+ if (isHttps){
+ const hasAgentConfig = init && ('agent' in init);
+ if (!hasAgentConfig){
+ const agentForRequest = new (nodeHttps.Agent)({rejectUnauthorized: false });
 
- init = init ||{};
- (init as any).agent = agentForRequest;
+ init = init ||{};
+ (init as any).agent = agentForRequest;
+ }
 }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "domain-task",`
`3`		`-"version": "3.0.2",`
	`3`	`+"version": "3.0.3",`
`4`	`4`	`"description": "Tracks outstanding operations for a logical thread of execution",`
`5`	`5`	`"main": "index.js",`
`6`	`6`	`"scripts":{`
-Original file line number
+Diff line change
 constisomorphicFetch=require('isomorphic-fetch');
 constisNode=typeofprocess==='object'&&process.versions&&!!process.versions.node;
 constnodeHttps=isNode&&require('https');
 +constisHttpsRegex=/^https\:/;
 functionissueRequest(baseUrl: string,req: string|Request,init?: RequestInit): Promise<any>{
 constreqUrl=(reqinstanceofRequest) ? req.url : req;
  `);
+}
 -init=applyHttpsAgentPolicy(init,isRelativeUrl);
 +init=applyHttpsAgentPolicy(init,isRelativeUrl,baseUrl);
 returnisomorphicFetch(req,init);
+}
 -functionapplyHttpsAgentPolicy(init: RequestInit,isRelativeUrl: boolean): RequestInit{
 +functionapplyHttpsAgentPolicy(init: RequestInit,isRelativeUrl: boolean,baseUrl: string): RequestInit{
 // HTTPS is awkward in Node because it uses a built-in list of CAs, rather than recognizing
 // the OS's system-level CA list. There are dozens of issues filed against Node about this,
 // but still (as of v8.0.0) no resolution besides manually duplicating your CA config.
 // for 'agent' (which would let you set up other HTTPS-handling policies), then we automatically
 // disable cert verification for that request.
 if(isNode&&isRelativeUrl){
 -consthasAgentConfig=init&&('agent'ininit);
 -if(!hasAgentConfig){
 -constagentForRequest=new(nodeHttps.Agent)({rejectUnauthorized: false});
 +constisHttps=baseUrl&&isHttpsRegex.test(baseUrl);
 +if(isHttps){
 +consthasAgentConfig=init&&('agent'ininit);
 +if(!hasAgentConfig){
 +constagentForRequest=new(nodeHttps.Agent)({rejectUnauthorized: false});
 -init=init||{};
 -(initasany).agent=agentForRequest;
 +init=init||{};
 +(initasany).agent=agentForRequest;
 +}
+}
+}