From 353a4a1af3165b2c59319865350d70a99105269c Mon Sep 17 00:00:00 2001
From: TheAifam5 <theaifam5@gmail.com>
Date: Mon, 9 Aug 2021 16:53:21 +0200
Subject: feat: Add --unsafely-treat-insecure-origin-as-secure flag to disable
 SSL verification (#11324)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This commit adds "--unsafely-treat-insecure-origin-as-secure" flag
that allows to disable SSL verification for all domains, or specific
domains if they were passed as an argument to the flag.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
---
 cli/program_state.rs | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'cli/program_state.rs')

diff --git a/cli/program_state.rs b/cli/program_state.rs
index 244351a03..721ccda9c 100644
--- a/cli/program_state.rs
+++ b/cli/program_state.rs
@@ -1,5 +1,6 @@
 // Copyright 2018-2021 the Deno authors. All rights reserved. MIT license.
 
+use crate::colors;
 use crate::config_file::ConfigFile;
 use crate::deno_dir;
 use crate::file_fetcher::CacheSetting;
@@ -117,6 +118,21 @@ impl ProgramState {
       }
     }
 
+    if let Some(insecure_allowlist) =
+      flags.unsafely_treat_insecure_origin_as_secure.as_ref()
+    {
+      let domains = if insecure_allowlist.is_empty() {
+        "for all domains".to_string()
+      } else {
+        format!("for: {}", insecure_allowlist.join(", "))
+      };
+      let msg = format!(
+        "DANGER: SSL ceritificate validation is disabled {}",
+        domains
+      );
+      eprintln!("{}", colors::yellow(msg));
+    }
+
     let cache_usage = if flags.cached_only {
       CacheSetting::Only
     } else if !flags.cache_blocklist.is_empty() {
@@ -137,6 +153,7 @@ impl ProgramState {
       !flags.no_remote,
       Some(root_cert_store.clone()),
       blob_store.clone(),
+      flags.unsafely_treat_insecure_origin_as_secure.clone(),
     )?;
 
     let lockfile = if let Some(filename) = &flags.lock {
-- 
cgit v1.2.3