Disable SSL in Axios

Question

is there an easy way to disable SSL validation in Axios. I tried this process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; but it doesn't work.

Here's an example of my code"

const postPosts = () => {
  axios
    .post("https://xxx.dev.lab", {
      Username: "xxx",
      Password: "xxx"
    })
    .then(response => {
      console.log(response);
    })
    .catch(error => {
      console.error(error);
    });
};
postPosts();

Answer 1

[ IF YOU ARE RUNNING YOUR APP IN DOCKER ]

I solved that issue in my project with 2 steps:

1. Change Docker SSL settings

I edited /etc/ssl/openssl.cnf inside the container

Replace strings:

TLSv1.2 => TLSv1
SECLEVEL=2 => SECLEVEL=1

2. Set min TLS version for your request

import * as https from 'https';

const agent = new https.Agent({
  rejectUnauthorized: false,
  minVersion: 'TLSv1',
});

axios.post(
  "https://xxx.dev.lab", 
  { Username: "xxx", Password: "xxx" },
  { httpsAgent: agent }
)

Answer 2

Axios doesn't address that situation so far - you can try:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

BUT THATS A VERY BAD IDEA since it disables SSL across the whole node server..

or you can configure axios to use a custom agent and set rejectUnauthorized to false for that agent as mentioned here

example:

// At instance level
const instance = axios.create({
  httpsAgent: new https.Agent({  
    rejectUnauthorized: false
  })
});

instance.get('https://something.com/foo');

// At request level
 const agent = new https.Agent({  
 rejectUnauthorized: false
});

axios.get('https://something.com/foo', { httpsAgent: agent });