Merge pull request #135 from zapier/fix-unencrypted-requests

Fix bug: Can't use unencrypted http:// protocol when SSL checks are disabled
zapier · Jan 9, 2019 · 1650968 · 1650968
2 parents 42ad3a1 + 50aa706
commit 1650968
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/src/http-middlewares/before/disable-ssl-cert-check.js b/src/http-middlewares/before/disable-ssl-cert-check.js
@@ -5,7 +5,7 @@ const https = require('https');
 const disableSSLCertCheck = req => {
   if (req.agent) {
     req.agent.options.rejectUnauthorized = false;
-  } else {
+  } else if (req.url.startsWith('https://')) {
     req.agent = new https.Agent({ rejectUnauthorized: false });
   }
   return req;

diff --git a/test/create-request-client.js b/test/create-request-client.js
@@ -364,6 +364,15 @@ describe('request client', () => {
     });
   });
 
+  it('should allow unencrypted requests when SSL checks are disabled', () => {
+    const newInput = _.cloneDeep(input);
+    newInput._zapier.event.verifySSL = false;
+    const request = createAppRequestClient(newInput);
+    return request('http://zapier-httpbin.herokuapp.com/get').then(response => {
+      response.status.should.eql(200);
+    });
+  });
+
   it('should not omit empty params by default', () => {
     const request = createAppRequestClient(input);
     return request({