Skip to content

Commit 5f6d0b6

Browse files
b4s36t4b4s36t4
committed
fix: use https agent
1 parent 9673a07 commit 5f6d0b6

File tree

2 files changed

+12
-15
lines changed

2 files changed

+12
-15
lines changed

plugins/azure/contentSafety.ts

Lines changed: 6 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { Agent } from 'undici';
1+
import { Agent } from 'https';
22
import {
33
HookEventType,
44
PluginContext,
@@ -83,11 +83,12 @@ export const handler: PluginHandler<{
8383

8484
let agent: Agent | null = null;
8585
// privatelink doesn't contain a valid certificate, skipping verification if it's customHost.
86+
// SECURITY NOTE: The following disables SSL certificate validation for custom hosts.
87+
// This is necessary for Azure Private Link endpoints that may use self-signed certificates,
88+
// but should only be used with trusted private endpoints.
8689
if (credentials.customHost) {
8790
agent = new Agent({
88-
connect: {
89-
rejectUnauthorized: false,
90-
},
91+
rejectUnauthorized: false,
9192
});
9293
}
9394

@@ -111,12 +112,7 @@ export const handler: PluginHandler<{
111112
const timeout = parameters.timeout || 5000;
112113
let response;
113114
try {
114-
response = await post(
115-
url,
116-
request,
117-
{ headers, dispatcher: agent },
118-
timeout
119-
);
115+
response = await post(url, request, { headers }, timeout);
120116
} catch (e) {
121117
return { error: e, verdict: true, data };
122118
}

plugins/azure/pii.ts

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { Agent } from 'undici';
1+
import { Agent } from 'https';
22
import {
33
HookEventType,
44
PluginContext,
@@ -56,19 +56,20 @@ const redact = async (
5656

5757
let agent: Agent | null = null;
5858
// privatelink doesn't contain a valid certificate, skipping verification if it's customHost.
59+
// SECURITY NOTE: The following disables SSL certificate validation for custom hosts.
60+
// This is necessary for Azure Private Link endpoints that may use self-signed certificates,
61+
// but should only be used with trusted private endpoints.
5962
if (credentials?.customHost) {
6063
agent = new Agent({
61-
connect: {
62-
rejectUnauthorized: false,
63-
},
64+
rejectUnauthorized: false,
6465
});
6566
}
6667

6768
const timeout = parameters.timeout || 5000;
6869
const response = await post(
6970
url,
7071
body,
71-
{ headers, dispatcher: agent },
72+
{ headers, dispatcher: undefined },
7273
timeout
7374
);
7475
return response;

0 commit comments

Comments
 (0)