Feature/ni 161 - Meteoalarm message post#75
Conversation
teddmason
force-pushed
the
feature/NI-161
branch
from
aa4166b to
6f3b45e
Compare
…e process as it is integral to future of the service
lib/helpers/meteoalarm.js
Outdated
| }, | ||
| httpsAgent: new https.Agent({ | ||
| rejectUnauthorized: false | ||
| }) |
There was a problem hiding this comment.
I think this is not needed when the code is running outside a local development environment. Bypassing server certificate checks is a security risk that can be avoided.
When running the code in a local development environment I think a better solution is to make intermediate CA certificates available to Node.js using the NODE_EXTRA_CA_CERTS environment variable. This approach worked for me locally using a simple program to perform a HTTP GET to the Meteoalarm API using axios.
Without the NODE_EXTRA_CA_CERTS environment set, the test program responded with "unable to get local issuer certificate".
There was a problem hiding this comment.
@pwadmore-ea Good catch, meant to make this only for local development environment. I've removed the code and set the localstack NODE_TLS_REJECT_UNAUTHORIZED=0. However need to test the external api call works fine from aws now with tls in place.
|
2 participants
No description provided.