mirror of
https://github.com/cypress-io/cypress.git
synced 2026-03-10 19:39:10 -05:00
Set minimum TLS version to TLSv1 (#6130)
Set minimum TLS version to TLSv1
This commit is contained in:
Zach Bloomquist
@@ -11,11 +11,19 @@ const debug = debugModule('cypress:network:agent')
|
||||
const CRLF = '\r\n'
|
||||
const statusCodeRe = /^HTTP\/1.[01] (\d*)/
|
||||
|
||||
interface RequestOptionsWithProxy extends http.RequestOptions {
|
||||
type WithProxyOpts<RequestOptions> = RequestOptions & {
|
||||
proxy: string
|
||||
shouldRetry?: boolean
|
||||
}
|
||||
|
||||
type RequestOptionsWithProxy = WithProxyOpts<http.RequestOptions>
|
||||
|
||||
type HttpsRequestOptions = https.RequestOptions & {
|
||||
minVersion?: 'TLSv1'
|
||||
}
|
||||
|
||||
type HttpsRequestOptionsWithProxy = WithProxyOpts<HttpsRequestOptions>
|
||||
|
||||
type FamilyCache = {
|
||||
[host: string]: 4 | 6
|
||||
}
|
||||
@@ -253,14 +261,18 @@ class HttpsAgent extends https.Agent {
|
||||
super(opts)
|
||||
}
|
||||
|
||||
createConnection (options: http.RequestOptions, cb: http.SocketCallback) {
|
||||
createConnection (options: HttpsRequestOptions, cb: http.SocketCallback) {
|
||||
// allow requests to use older TLS versions
|
||||
// https://github.com/cypress-io/cypress/issues/5446
|
||||
options.minVersion = 'TLSv1'
|
||||
|
||||
if (process.env.HTTPS_PROXY) {
|
||||
const proxy = getProxyForUrl(options.href)
|
||||
|
||||
if (proxy) {
|
||||
options.proxy = <string>proxy
|
||||
|
||||
return this.createUpstreamProxyConnection(<RequestOptionsWithProxy>options, cb)
|
||||
return this.createUpstreamProxyConnection(<HttpsRequestOptionsWithProxy>options, cb)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -268,7 +280,7 @@ class HttpsAgent extends https.Agent {
|
||||
cb(null, super.createConnection(options))
|
||||
}
|
||||
|
||||
createUpstreamProxyConnection (options: RequestOptionsWithProxy, cb: http.SocketCallback) {
|
||||
createUpstreamProxyConnection (options: HttpsRequestOptionsWithProxy, cb: http.SocketCallback) {
|
||||
// heavily inspired by
|
||||
// https://github.com/mknj/node-keepalive-proxy-agent/blob/master/index.js
|
||||
debug(`Creating proxied socket for ${options.href} through ${options.proxy}`)
|
||||
|
||||
@@ -21,6 +21,7 @@ exports['e2e visit / low response timeout / passes'] = `
|
||||
✓ scrolls automatically to div with id=foo
|
||||
✓ can load an http page with a huge amount of elements without timing out
|
||||
✓ can load a local file with a huge amount of elements without timing out
|
||||
✓ can load a site via TLSv1
|
||||
issue #225: hash urls
|
||||
✓ can visit a hash url and loads
|
||||
✓ can visit the same hash url and loads
|
||||
@@ -35,14 +36,14 @@ exports['e2e visit / low response timeout / passes'] = `
|
||||
✓ sets accept header to text/html,*/*
|
||||
|
||||
|
||||
11 passing
|
||||
12 passing
|
||||
|
||||
|
||||
(Results)
|
||||
|
||||
┌────────────────────────────────────────────────────────────────────────────────────────────────┐
|
||||
│ Tests: 11 │
|
||||
│ Passing: 11 │
|
||||
│ Tests: 12 │
|
||||
│ Passing: 12 │
|
||||
│ Failing: 0 │
|
||||
│ Pending: 0 │
|
||||
│ Skipped: 0 │
|
||||
@@ -66,9 +67,9 @@ exports['e2e visit / low response timeout / passes'] = `
|
||||
|
||||
Spec Tests Passing Failing Pending Skipped
|
||||
┌────────────────────────────────────────────────────────────────────────────────────────────────┐
|
||||
│ ✔ visit_spec.coffee XX:XX 11 11 - - - │
|
||||
│ ✔ visit_spec.coffee XX:XX 12 12 - - - │
|
||||
└────────────────────────────────────────────────────────────────────────────────────────────────┘
|
||||
✔ All specs passed! XX:XX 11 11 - - -
|
||||
✔ All specs passed! XX:XX 12 12 - - -
|
||||
|
||||
|
||||
`
|
||||
|
||||
@@ -162,6 +162,7 @@
|
||||
"express-session": "1.16.1",
|
||||
"express-useragent": "1.0.12",
|
||||
"http-mitm-proxy": "0.7.0",
|
||||
"https-pem": "2.0.0",
|
||||
"https-proxy-agent": "3.0.0",
|
||||
"istanbul": "0.4.5",
|
||||
"mocked-env": "1.2.4",
|
||||
|
||||
@@ -1,6 +1,29 @@
|
||||
_ = require("lodash")
|
||||
Bluebird = require("bluebird")
|
||||
cert = require("https-pem")
|
||||
https = require("https")
|
||||
useragent = require("express-useragent")
|
||||
{ allowDestroy } = require("@packages/network")
|
||||
e2e = require("../support/helpers/e2e")
|
||||
|
||||
## create an HTTPS server that forces TLSv1
|
||||
startTlsV1Server = (port) ->
|
||||
Bluebird.fromCallback (cb) ->
|
||||
opts = _.merge({
|
||||
secureProtocol: "TLSv1_server_method",
|
||||
}, cert)
|
||||
|
||||
serv = https.createServer opts, (req, res) =>
|
||||
res.setHeader('content-type', 'text/html')
|
||||
res.end('foo')
|
||||
|
||||
allowDestroy(serv)
|
||||
|
||||
serv.listen port, (err) =>
|
||||
cb(null, serv)
|
||||
|
||||
serv.on('error', cb)
|
||||
|
||||
onServer = (app) ->
|
||||
app.get "/agent.json", (req, res) ->
|
||||
source = req.headers["user-agent"] ? ""
|
||||
@@ -75,6 +98,12 @@ describe "e2e visit", ->
|
||||
spec: "visit_spec.coffee"
|
||||
snapshot: true
|
||||
expectedExitCode: 0
|
||||
onRun: (exec) ->
|
||||
startTlsV1Server(6776)
|
||||
.then (serv) ->
|
||||
exec()
|
||||
.then ->
|
||||
serv.destroy()
|
||||
}
|
||||
|
||||
e2e.it "fails when network connection immediately fails", {
|
||||
|
||||
@@ -10,6 +10,10 @@ describe "visits", ->
|
||||
it "can load a local file with a huge amount of elements without timing out", ->
|
||||
cy.visit("/elements.html", {timeout: 5000})
|
||||
|
||||
## https://github.com/cypress-io/cypress/issues/5446
|
||||
it "can load a site via TLSv1", ->
|
||||
cy.visit("https://localhost:6776")
|
||||
|
||||
context "issue #225: hash urls", ->
|
||||
rand = Math.random()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user