Support NODE_TLS_REJECT_UNAUTHORIZED=0 to ignore client errors #341

Apparently `NODE_TLS_REJECT_UNAUTHORIZED` is only effective if
`rejectUnauthorized` was not overridden by the code:
85e6089c4d/lib/_tls_wrap.js (L1583-L1591)

But the underlying library does override it:
https://github.com/http-party/node-http-proxy/blob/v1.11.1/lib/http-proxy/common.js#L53-L55

Fix this by overriding the option via the library's "secure" option.

lib/cors-anywhere.js

@@ -407,6 +407,7 @@ exports.createServer = function createServer(options) {
   // Default options:
   var httpProxyOptions = {
     xfwd: true,            // Append X-Forwarded-* headers
+    secure: process.env.NODE_TLS_REJECT_UNAUTHORIZED !== '0',
   };
   // Allow user to override defaults and add own options
   if (options.httpProxyOptions) {

test/test.js

@@ -5,6 +5,7 @@ var createServer = require('../').createServer;
 var request = require('supertest');
 var path = require('path');
 var http = require('http');
+var https = require('https');
 var fs = require('fs');
 var assert = require('assert');
 
@@ -554,6 +555,81 @@ describe('server on https', function() {
   });
 });
 
+describe('NODE_TLS_REJECT_UNAUTHORIZED', function() {
+  var NODE_TLS_REJECT_UNAUTHORIZED;
+  var bad_https_server;
+  var bad_https_server_port;
+
+  before(function() {
+    cors_anywhere = createServer({});
+    cors_anywhere_port = cors_anywhere.listen(0).address().port;
+  });
+  after(function(done) {
+    stopServer(done);
+  });
+
+  before(function() {
+    bad_https_server = https.createServer({
+      // rejectUnauthorized: false,
+      key: fs.readFileSync(path.join(__dirname, 'key.pem')),
+      cert: fs.readFileSync(path.join(__dirname, 'cert.pem')),
+    }, function(req, res) {
+      res.end('Response from server with expired cert');
+    });
+    bad_https_server_port = bad_https_server.listen(0).address().port;
+
+    NODE_TLS_REJECT_UNAUTHORIZED = process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+  });
+  after(function(done) {
+    if (NODE_TLS_REJECT_UNAUTHORIZED === undefined) {
+      delete process.env.NODE_TLS_REJECT_UNAUTHORIZED;
+    } else {
+      process.env.NODE_TLS_REJECT_UNAUTHORIZED = NODE_TLS_REJECT_UNAUTHORIZED;
+    }
+    bad_https_server.close(function() {
+      done();
+    });
+  });
+
+  it('respects certificate errors by default', function(done) {
+    // Test is expected to run without NODE_TLS_REJECT_UNAUTHORIZED=0
+    request(cors_anywhere)
+      .get('/https://127.0.0.1:' + bad_https_server_port)
+      .set('test-include-xfwd', '')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('Not found because of proxy error: Error: certificate has expired', done);
+  });
+
+  it('ignore certificate errors via NODE_TLS_REJECT_UNAUTHORIZED=0', function(done) {
+    stopServer(function() {
+      process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+      cors_anywhere = createServer({});
+      cors_anywhere_port = cors_anywhere.listen(0).address().port;
+      request(cors_anywhere)
+        .get('/https://127.0.0.1:' + bad_https_server_port)
+        .set('test-include-xfwd', '')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect('Response from server with expired cert', done);
+    });
+  });
+
+  it('respects certificate errors when httpProxyOptions.secure=true', function(done) {
+    stopServer(function() {
+      cors_anywhere = createServer({
+        httpProxyOptions: {
+          secure: true,
+        },
+      });
+      cors_anywhere_port = cors_anywhere.listen(0).address().port;
+      request(cors_anywhere)
+        .get('/https://127.0.0.1:' + bad_https_server_port)
+        .set('test-include-xfwd', '')
+        .expect('Access-Control-Allow-Origin', '*')
+        .expect('Not found because of proxy error: Error: certificate has expired', done);
+    });
+  });
+});
+
 describe('originBlacklist', function() {
   before(function() {
     cors_anywhere = createServer({