
Support certificate pinning

Open enko opened this issue 8 years ago • 2 comments

It would be a very great security improvement for some node projects of mine, if I could get certificate pinning running with superagent.

I could relatively easily implement this if I could get access to the raw socket via socket.on('secureConnect'), but I have not found a way to do this.

Is there a way to access the socket? If not, could you please implement access to the socket?

enko avatar May 02 '17 07:05 enko

If you're making a request to a specific server that you control, then I think you can achieve a similar effect by using the .ca() setting.

Before having pinning in general I think we first should have HSTS support.

Both also depend on persisting the information, and we don't have a solution for this yet.

kornelski avatar May 03 '17 08:05 kornelski

You can access socket like this

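const request = require('superagent');

request
// 'secureConnect' is only emitted by TLS sockets, so the URL must be https
.get('https://bla.bla')
.use(function (agent) {
    // superagent emits 'request' with the Request object; req is the underlying http.ClientRequest
    agent.on('request', ({req}) => {
        req.on('socket', (socket) => {
            socket.on('secureConnect', () => {
                //...
            });
        });
    });
})
.then(/*...*/);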

webuniverseio avatar Sep 03 '19 19:09 webuniverseio
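
A pin check built on the socket access shown in the comment above, as an added example that is not code from this thread or from superagent. It assumes the pin is the base64 SHA-256 of the leaf certificate's DER bytes (the `raw` field returned by `socket.getPeerCertificate()`); the names `certPin`, `matchesPin`, `pinCertificate` and the error code are hypothetical.

```javascript
const crypto = require('crypto');

// Base64 SHA-256 over the DER-encoded leaf certificate (cert.raw).
// Returns null when the peer presented no certificate: Node returns an
// empty object from getPeerCertificate() in that case.
function certPin(cert) {
  if (!cert || !Buffer.isBuffer(cert.raw)) return null;
  return crypto.createHash('sha256').update(cert.raw).digest('base64');
}

// True only if the certificate's pin is in the allow-list. Keep more than
// one pin in the list so a certificate rotation does not lock clients out.
function matchesPin(cert, pins) {
  const actual = certPin(cert);
  return actual !== null && pins.includes(actual);
}

// superagent plugin, used as:
//   request.get('https://bla.bla').use(pinCertificate(['<base64 pin>']))
function pinCertificate(pins) {
  return function (agent) {
    agent.on('request', ({ req }) => {
      req.on('socket', (socket) => {
        // Emitted once per TLS handshake; a socket reused through
        // keep-alive does not emit it again.
        socket.on('secureConnect', () => {
          if (!matchesPin(socket.getPeerCertificate(), pins)) {
            const err = new Error('certificate pin mismatch');
            err.code = 'ERR_CERT_PIN_MISMATCH'; // hypothetical code, not a Node.js one
            socket.destroy(err); // tear the connection down; the request fails with err
          }
        });
      });
    });
  };
}
```

The pin check runs in addition to normal chain validation, so `rejectUnauthorized` should stay at its default.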