node-disable-ssl¶
Ensure Node performs TLS validation
Setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate validation in node. This means that anytime there is an HTTPS request the TLS certificate returned by the client will not be validated against your certificate chain. Malicious sites can use this for man-in-the-middle attacks or forging certificates.
Examples¶
Insecure Example
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
Secure Example
// safe by default