Skip to content


Ensure Node performs TLS validation

Setting the environment variable NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate validation in node. This means that anytime there is an HTTPS request the TLS certificate returned by the client will not be validated against your certificate chain. Malicious sites can use this for man-in-the-middle attacks or forging certificates.


Insecure Example


Secure Example

// safe by default