Reputation: 385
SSL certificate - disable verification in axios and react
I'm trying to consume an API in my react application using axios. The API works over HTTPS with self signed certificate. So far I've got the following error when connecting:
net::ERR_INSECURE_RESPONSE
bundle.js:65253 HTTP Failure in Axios Error: Network Error
at createError (bundle.js:2188)
at XMLHttpRequest.handleError (bundle.js:1717)
I tried the following but without success:
import axios from 'axios';
const https = require('https');
const agent = new https.Agent({
rejectUnauthorized: false,
});
const client = axios.create({ //all axios can be used, shown in axios documentation
baseURL: process.env.REACT_APP_API_URL,
responseType: 'json',
withCredentials: true,
httpsAgent: agent
});
export default client;
Is there any way to disable the certificate verification?
Upvotes: 27
Views: 53499
Answers (3)
Reputation: 2875
None of these seem to actually answer the question. The question isn't how to self-sign a cert or how to disable security in the browser. The question is: specifically with axios how do you disable SSL verification?
This should be the same as adding -k or --insecure flag to a cURL command. If you can do it with cURL then it should be possible with axios.
Note that this doesn't disable encryption since the server is still in control of that if you otherwise have https set up correctly. It just disables checking whether you are talking to the right server.
Anyway, in my case I resolved this issue for myself by changing:
const agent = new https.Agent({
rejectUnauthorized: false,
});
to
const agent = new https.Agent({
rejectUnauthorized: false,
requestCert: false,
agent: false,
});
Following the answer in the similar question linked by Philippe Sultan. I don't actually get what each option does individually. If someone can answer in the comments that would be great.
Upvotes: 9
Reputation: 792
First of all the reason error is not on your code. It's because security restriction on your browser. By default browser will block request to self signed since its not a certificate from valid certificate authority (CA).
Either upgrade SSL certificate from a CA or you need to disable web security in browser.
e.g. for chrome start with cmd line args as below
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --disable-gpu --user-data-dir=~/chromeTemp
Upvotes: 0
Reputation: 6120
Here is a way to have self-signed and accepted localhost certificates. Basically, you generate the certificate and add it to Chrome manually before using it.
Guide by Let's Encrypt: https://letsencrypt.org/docs/certificates-for-localhost/ (seems a bit advanced).
There is this answer too, that explains how to add certificate while you are at the site: https://stackoverflow.com/a/18602774
Upvotes: 1
Related Questions
- How to ignore SSL certificate validation in node requests?
- reactjs make https (not http) requests with axios
- How to configure axios to use SSL certificate?
- Disable SSL in Axios
- axios bypass TLS certificates error. No solution at all for FRONT END (React)
- getting net::ERR_SSL_PROTOCOL_ERROR in axios reactJs
- How to disable SSL certificate verification while post request in react JS?
- How to disable SSL verification in node.js
- How to avoid "ERR_CERT_AUTHORITY_INVALID" error in React?
- disable SSL certification verification in axios