Support for self-signed certificates#565
Support for self-signed certificates#565martijnwalraven merged 2 commits intoapollographql:masterfrom
Conversation
…y skipping certs validation.
|
@robertomg: Thank you for submitting a pull request! Before we can merge it, you'll need to sign the Meteor Contributor Agreement here: https://contribute.meteor.com/ |
martijnwalraven
left a comment
martijnwalraven
left a comment
There was a problem hiding this comment.
Thanks for working on this! I left a few comments, but otherwise looks great.
| engineKey?: string; | ||
| extends?: string; | ||
| clientSide?: boolean; | ||
| skipsSSLValidation?: boolean; |
There was a problem hiding this comment.
I think this should probably be part of EndpointConfig, similar to endpoint-specific headers.
There was a problem hiding this comment.
I think this is a great suggestion and actually I thought about implementing this way on the first place. 👍
| description: | ||
| "The URL of the server to fetch the schema from or path to ./your/local/schema.graphql" | ||
| }), | ||
| insecure: flags.boolean({ |
There was a problem hiding this comment.
Wondering about the naming, because it's a bit confusing to have insecure, skipsSSLValidation , and rejectUnauthorized referring to the same option.
skipSSLValidation seems the most descriptive (I prefer skip vs. skips, but that's no biggie). I understand wanting to follow curl in using insecure, but consistency between command flag and config is more important here I think.
There was a problem hiding this comment.
I agree on this that giving a more self-explanatory name is more important than keeping old names. So I decided to change this (also to skip instead of skips). Thanks for the feedback
| const filePath = projectFolder ? path.resolve(projectFolder, url) : url; | ||
| if (fs.existsSync(filePath)) return fromFile(filePath); | ||
|
|
||
| const insecureOptionActive = insecureEnabled ? insecureEnabled : false; |
There was a problem hiding this comment.
I think we can avoid an extra variable here by using a default parameter value (insecureEnabled?: boolean = false).
There was a problem hiding this comment.
Just discovered that checking a (boolean | undefined) variable on an if would only accept it if the variable is true so this line is not necessary anymore.
| if (dependency.endpoint && dependency.endpoint.url) { | ||
| try { | ||
| return await fetchSchema(dependency.endpoint, config.projectFolder); | ||
| return await fetchSchema(dependency.endpoint, config.projectFolder, dependency.skipsSSLValidation); |
There was a problem hiding this comment.
If we put skipSSLValidation under endpoint we can avoid passing in an extra parameter.
|
Thanks for the quick response! |
3 participants
Adds support for skipping certificate validation
Often developers use a self-signed certificate for local services. In development process is not uncommon to see those kind of https requests without a Root CA signed certificate. This PR tries to solve the issue reported on #199 when using
apollo-clifor downloading the GraphQL schema.schema:downloadhas a new option--insecureor equally-kfor skipping certificate validation. These names were chosen following the popular unix commandcurlconvention.It is my first PR on the project so any kind of feedback is more than welcome.
Fixes #199