Passing a custom agent to `fetch()`

[mataha]

This would solve...

In some otherwise trivial cases for fetch() a custom, one-purpose agent is required to manage a request, e.g. in order to check a server's identity manually or to disregard that verification completely (self-signed certificates come to mind). Current approach, from what I've seen, requires passing a set of TLS options to a dispatcher explicitly, then using said dispatcher to invoke a request - maybe it's just me, but I feel this could be simplified.

The implementation should look like...

Using https.Agent as an example:

import https from 'node:https';

const result = await fetch("https://example.com", {
    (...)
    agent: new https.Agent({
        rejectUnauthorized: false,
    }),
});

(...)

I have also considered...

Some parameters can be set via alternative means; environment variables come to mind:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;
process.env.NODE_EXTRA_CA_CERTS = ...;

However, I don't think applying this to every request is a good idea (same goes for any global agents).

Additional context

Implementations in similar projects:

• axios
• node-fetch

Possibly relevant issues:

• Filter tls options #236
• MockAgent don't intercept Pool requests #996

[mcollina]

This was already added in #1411.

Support for Node.js https.Agent is not planned due to API incompatibilities.

[mataha]

I understand, but: how can I do this in bare Node (with --experimental-fetch, of course) without installing this package?

[mcollina]

In order to do this you would need to:

1. use at least 18.3.0 (no --experimental-fetch needed)
2. use this module

At some future time this will be bundled in core.

[bancek]

If anyone else is looking for a way to pass rejectUnauthorized to fetch. I would expect to find this in Node.js docs or at least in Undici fetch or best practices docs.

You need to install undici dependency (npm install undici).

import { Agent } from 'undici';

await fetch('https://example.com', {
  dispatcher: new Agent({
    connect: {
      rejectUnauthorized: false,
    },
  }),
});

[Allon-Guralnek]

@bancek Using rejectUnauthorized didn't work for me when using ProxyAgent. It seems to ignore it. Perhaps it's only implemented in Agent.

Doing process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0" worked but that isn't an ideal solution.

[monjer]

After read the source code and the test case code , i find the solution. The ProxyAgent class has an options.requestTls and options.proxyTls, which are not described in document. In order to use rejectUnauthorized : false options, just code like below:

import { ProxyAgent, request } from 'undici'

const proxyAgent = new ProxyAgent('my.proxy.server',{
    requestTls: {  // this is the key point
         rejectUnauthorized: false,
    }
})

const {  statusCode,  body } = await request('http://localhost:3000/foo', { dispatcher: proxyAgent })
for await (const data of body) {
  console.log('data', data.toString('utf8'))
}

Also check the test case Proxy via HTTP to HTTPS endpoint and the proxy-agent source code.