From edebecdbc0db119bd8f00ec92aae12356005c59b Mon Sep 17 00:00:00 2001 From: TejaChitturi Date: Wed, 18 Mar 2026 18:16:26 +0530 Subject: [PATCH 1/3] [RQ-737]: Skip SSL Verification --- src/main/actions/getProxiedAxios.ts | 30 ++++++++++++++++++++---- src/main/actions/makeApiClientRequest.js | 2 ++ 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/src/main/actions/getProxiedAxios.ts b/src/main/actions/getProxiedAxios.ts index 8a7b14f..3d71b82 100644 --- a/src/main/actions/getProxiedAxios.ts +++ b/src/main/actions/getProxiedAxios.ts @@ -90,13 +90,27 @@ function createAxiosInstance( ca: readFileSync(config.rootCertPath), }), }); + + // Interceptor to disable SSL securely when Proxy is enabled + instance.interceptors.request.use((requestConfig: any) => { + if (requestConfig.sslVerificationDisabled) { + requestConfig.httpsAgent = new PatchedHttpsProxyAgent({ + host: config.ip, + port: config.port, + ca: readFileSync(config.rootCertPath), + rejectUnauthorized: false, + }); + } + return requestConfig; + }); + } else { instance = axios.create({ proxy: false, }); - instance.interceptors.request.use(async (requestConfig) => { - const { url: requestUrl } = requestConfig; + instance.interceptors.request.use(async (requestConfig: any) => { + const { url: requestUrl, sslVerificationDisabled } = requestConfig; if (!requestUrl) { return requestConfig; @@ -115,7 +129,12 @@ function createAxiosInstance( const lookup = await createLocalhostLookup(port); requestConfig.httpAgent = new http.Agent({ lookup }); - requestConfig.httpsAgent = new https.Agent({ lookup }); + + // Preserve SSL bypass flag alongside localhost lookup logic + requestConfig.httpsAgent = new https.Agent({ + lookup, + rejectUnauthorized: !sslVerificationDisabled + }); // Node.js skips DNS lookup for raw IP literals, so the custom lookup // above has no effect. Rewrite the URL to the concrete working IP. @@ -127,6 +146,9 @@ function createAxiosInstance( requestConfig.url = requestUrl.replace(hostname, targetIp); } } + } else if (sslVerificationDisabled) { + // Handle standard web requests where SSL is bypassed + requestConfig.httpsAgent = new https.Agent({ rejectUnauthorized: false }); } return requestConfig; @@ -164,7 +186,7 @@ export const createOrUpdateAxiosInstance = ( }; /* - [Intentional] add cookies by default. In line with emulating browser behaviour. +[Intentional] add cookies by default. In line with emulating browser behaviour. A better name could be excludeCredentials=false . did this because a flag called `withCredentials` has now been released for extension */ diff --git a/src/main/actions/makeApiClientRequest.js b/src/main/actions/makeApiClientRequest.js index df26c7b..ab44c6b 100644 --- a/src/main/actions/makeApiClientRequest.js +++ b/src/main/actions/makeApiClientRequest.js @@ -108,6 +108,8 @@ const makeApiClientRequest = async ({ apiRequest }) => { validateStatus: () => { return true; }, + // Pass the SSL flag down for the interceptor to handle + sslVerificationDisabled: apiRequest.sslVerificationDisabled, }); const responseTime = performance.now() - requestStartTime; From d3af35784168dc61f1249d7f705a914a7eb8a3c6 Mon Sep 17 00:00:00 2001 From: TejaChitturi Date: Mon, 23 Mar 2026 10:21:13 +0530 Subject: [PATCH 2/3] fixed edge cases --- src/main/actions/getProxiedAxios.ts | 37 +++++++----------------- src/main/actions/makeApiClientRequest.js | 2 +- 2 files changed, 11 insertions(+), 28 deletions(-) diff --git a/src/main/actions/getProxiedAxios.ts b/src/main/actions/getProxiedAxios.ts index 3d71b82..47f5810 100644 --- a/src/main/actions/getProxiedAxios.ts +++ b/src/main/actions/getProxiedAxios.ts @@ -90,24 +90,8 @@ function createAxiosInstance( ca: readFileSync(config.rootCertPath), }), }); - - // Interceptor to disable SSL securely when Proxy is enabled - instance.interceptors.request.use((requestConfig: any) => { - if (requestConfig.sslVerificationDisabled) { - requestConfig.httpsAgent = new PatchedHttpsProxyAgent({ - host: config.ip, - port: config.port, - ca: readFileSync(config.rootCertPath), - rejectUnauthorized: false, - }); - } - return requestConfig; - }); - } else { - instance = axios.create({ - proxy: false, - }); + instance = axios.create({ proxy: false }); instance.interceptors.request.use(async (requestConfig: any) => { const { url: requestUrl, sslVerificationDisabled } = requestConfig; @@ -118,23 +102,22 @@ function createAxiosInstance( const url = new URL(requestUrl); const { hostname, port: urlPort, protocol } = url; + const port = urlPort ? parseInt(urlPort, 10) : (protocol === "https:" ? 443 : 80); - const isLocalhost = hostname === "localhost" + const isLocalhost = hostname === "localhost" || hostname === LOCAL_IPV4 || hostname === `[${LOCAL_IPV6}]` || hostname === LOCAL_UNSPECIFIED; if (isLocalhost) { - const port = urlPort ? parseInt(urlPort, 10) : protocol === "https:" ? 443 : 80; - const lookup = await createLocalhostLookup(port); - requestConfig.httpAgent = new http.Agent({ lookup }); - - // Preserve SSL bypass flag alongside localhost lookup logic - requestConfig.httpsAgent = new https.Agent({ + const agentOptions = { lookup, - rejectUnauthorized: !sslVerificationDisabled - }); + rejectUnauthorized: sslVerificationDisabled !== true, + }; + + requestConfig.httpAgent = new http.Agent({ lookup }); + requestConfig.httpsAgent = new https.Agent(agentOptions); // Node.js skips DNS lookup for raw IP literals, so the custom lookup // above has no effect. Rewrite the URL to the concrete working IP. @@ -147,7 +130,7 @@ function createAxiosInstance( } } } else if (sslVerificationDisabled) { - // Handle standard web requests where SSL is bypassed + // Handle standard web requests where SSL is bypassed requestConfig.httpsAgent = new https.Agent({ rejectUnauthorized: false }); } diff --git a/src/main/actions/makeApiClientRequest.js b/src/main/actions/makeApiClientRequest.js index ab44c6b..212cf88 100644 --- a/src/main/actions/makeApiClientRequest.js +++ b/src/main/actions/makeApiClientRequest.js @@ -109,7 +109,7 @@ const makeApiClientRequest = async ({ apiRequest }) => { return true; }, // Pass the SSL flag down for the interceptor to handle - sslVerificationDisabled: apiRequest.sslVerificationDisabled, + sslVerificationDisabled: apiRequest.sslVerificationDisabled === true, }); const responseTime = performance.now() - requestStartTime; From aae9c99d95a55fa1ba8f7b108cae0e416e60be49 Mon Sep 17 00:00:00 2001 From: TejaChitturi Date: Mon, 23 Mar 2026 10:27:02 +0530 Subject: [PATCH 3/3] added comment --- src/main/actions/getProxiedAxios.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/actions/getProxiedAxios.ts b/src/main/actions/getProxiedAxios.ts index 47f5810..d814004 100644 --- a/src/main/actions/getProxiedAxios.ts +++ b/src/main/actions/getProxiedAxios.ts @@ -113,7 +113,7 @@ function createAxiosInstance( const lookup = await createLocalhostLookup(port); const agentOptions = { lookup, - rejectUnauthorized: sslVerificationDisabled !== true, + rejectUnauthorized: sslVerificationDisabled !== true, // false = skip SSL verification, true = enforce certificate validation }; requestConfig.httpAgent = new http.Agent({ lookup });