node-fetch: request failed, reason: self signed certificate

I did it like this:

const https = require("https");
const agent = new https.Agent({
  rejectUnauthorized: false
})
fetch(myUrl, { agent })

This is also an environment variable you can set in later versions of node.js to suppress the certificate authorization:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

or

NODE_TLS_REJECT_UNAUTHORIZED="0" npm start

https://stackoverflow.com/a/21961005

I did it like this:

const https = require("https");
const agent = new https.Agent({
  rejectUnauthorized: false
})
fetch(myUrl, { agent })

This https module is huge: +250Kib (unzipped) to the bundle 😦 Anyone aware of a decently sized solution for Node, Browser and SSR?

Hi I tried

import https from "https";
const agent = new https.Agent({
  rejectUnauthorized: false
});
fetch(myUrl, { agent });

in the same file where I make the request

NODE_TLS_REJECT_UNAUTHORIZED="0" npm run dev

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0

in root/.env

All the above methods don’t work for me, and I am still getting the same error.

• In Postman, this error can be avoided by turning off SSL Certificate Verification
• In Curl, this error can be avoided by adding -k flag
• What to do next in order to achieve the same effect in Nodejs?

@johanhenrikssn worked for me fixing isomorphic-fetch and vue-apollo. Thanks.

import Vue from 'vue'
import { ApolloClient, createNetworkInterface } from 'apollo-client'
import VueApollo from 'vue-apollo'
import fetch from 'isomorphic-fetch'
import https from 'https'
const agent = new https.Agent({
  rejectUnauthorized: false
})

const networkInterface = createNetworkInterface({ 
  uri: API_ENDPOINT,
  opts: {
  // Additional fetch options like `credentials` or `headers`
  credentials: 'same-origin',
  agent
  }
});

For a safer option, you can also use key, cert, ca of https.Agent options.

The following additional options from tls.connect() are also accepted when using a custom Agent: pfx, key, passphrase, cert, ca, ciphers, rejectUnauthorized, secureProtocol, servername

https://nodejs.org/api/https.html#https_https_request_options_callback

https.request API has a rejectUnauthorized option with boolean value, set to false if you don’t want to verify certificate . Hope node-fetch add this option.

I added some code in ./lib/request.js and it works as expected.

    if(init.rejectUnauthorized !== undefined){
        this.rejectUnauthorized = init.rejectUnauthorized;
    }

I did it like this:

const https = require("https");
const agent = new https.Agent({
  rejectUnauthorized: false
})
fetch(myUrl, { agent })

This https module is huge: +250Kib (unzipped) to the bundle 😦 Anyone aware of a decently sized solution for Node, Browser and SSR?

You can’t even use the https mode in browsers, so why would it matter that its large?

@johanhenrikssn any idea of the security implications of that “fix”? 😃

agent is one of the available options: https://github.com/bitinn/node-fetch#options

@LiMengyang990726 Is the site you’re trying to fetch using a self-signed certificate?

I believe so. As I need to try to avoid the same thing in Postman and cULR

I used this es6 syntax and it worked for me. No need to set node global options.

import https from "https";
const agent = new https.Agent({
  rejectUnauthorized: false
});
fetch(myUrl, { agent });