Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[PLA-2023] Remove without verifying #277

Merged
merged 1 commit into from
Oct 21, 2024
Merged

[PLA-2023] Remove without verifying #277

merged 1 commit into from
Oct 21, 2024

Conversation

enjinabner
Copy link
Contributor

@enjinabner enjinabner commented Oct 21, 2024
edited by github-actions bot
Loading

PR Type

enhancement

Description

  • Removed the withoutVerifying() method call from the HTTP client configuration in the getClient method of the HttpAbstract class.
  • This change enhances the security by ensuring SSL certificates are verified during HTTP requests.

Changes walkthrough 📝

Relevant files
Enhancement
HttpAbstract.php
Remove `withoutVerifying()` from HTTP client configuration

src/Clients/Abstracts/HttpAbstract.php

  • Removed withoutVerifying() method call from the HTTP client
    configuration.
    		•  +1/-1     

    💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

    @enjinabner enjinabner self-assigned this Oct 21, 2024
    @github-actions GitHub Actions
    Copy link

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
    🧪 No relevant tests
    🔒 No security concerns identified
    ⚡ No major issues detected

    @github-actions GitHub Actions
    Copy link

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    CategorySuggestion                                                                                                                                    Score
    Security
    Enhance security by enabling SSL certificate verification

    Consider implementing SSL certificate verification for the HTTP client to ensure
    secure data transmission and prevent potential man-in-the-middle attacks.

    src/Clients/Abstracts/HttpAbstract.php [18]

    -return Http::retry(3, 500)->timeout(60)->asJson()->acceptJson();
+return Http::retry(3, 500)->timeout(60)->withVerifying()->asJson()->acceptJson();
    Suggestion importance[1-10]: 9

    Why: The suggestion to enable SSL certificate verification addresses a critical security concern by preventing potential man-in-the-middle attacks. This change enhances the security of HTTP requests, making it highly relevant and impactful.

    		9

    @enjinabner enjinabner merged commit d58dffe into master Oct 21, 2024
    6 of 7 checks passed
    @enjinabner enjinabner deleted the feature/pla-2023/remove-withoutverify branch October 21, 2024 12:47
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers

    @Bradez Bradez Bradez approved these changes

    @v16Studios v16Studios Awaiting requested review from v16Studios v16Studios is a code owner

    @leonardocustodio leonardocustodio Awaiting requested review from leonardocustodio leonardocustodio is a code owner

    Assignees

    @enjinabner enjinabner

    Labels
    enhancement New feature or request Review effort [1-5]: 1
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    2 participants
    @enjinabner @Bradez