I am developing a mobile application based on Ionic + Angular + Cordova + Node js.
the application visits a https server via window.XMLHttpRequest:
module.exports = function request (method, url, body, headers) {
return new Promise(function (resolve, reject) {
var xhr = new window.XMLHttpRequest()
xhr.open(method, url)
xhr.onload = function () {
return resolve({
status: xhr.status,
body: xhr.responseText
})
}
xhr.onerror = xhr.onabort = function () {
return reject(new Error(xhr.statusText || 'XHR aborted: ' + url))
}
Object.keys(headers).forEach(function (header) {
xhr.setRequestHeader(header, headers[header])
})
xhr.send(body)
})
}
for this function to be executed, an appropriate root CA need to be inserted into node environment. since I do not control the code that makes the https request, I would prefer a policy/config based approach that enables an extra root CA into node js.
I searched around, and found out that node had actually provided a environment variable 'NODE_EXTRA_CA_CERTS' that seems to meet my purpose.
yet I can not find any examples on how to utilize this variable.
my implementation is to install the npm package dotenv-webpack.
added a .env file which contains configuration 'NODE_EXTRA_CA_CERTS=./assets/cert/cacert.pem' (file path to the appropriate root CA).
I can verify that the variable NODE_EXTRA_CA_CERTS had been successfully set. yet it did not seem to have any effects. the access to the server was denied because of security.
so my question: can anyone please provide an example on how to utilize the variable 'NODE_EXTRA_CA_CERTS'?
thanks