Feature: Option to allow untrusted HTTPS certificates for screenshots & link checking (#204)

2025-02-03 13:12:03 +02:00 · 2023-11-11 23:06:45 +13:00 · 2023-11-11 23:06:45 +13:00 · 4c5b024eca
commit 4c5b024eca
parent 74236258db
4 changed files with 26 additions and 2 deletions
--- a/cmd/root.go
+++ b/cmd/root.go
@ -109,6 +109,8 @@ func init() {
 	rootCmd.Flags().StringVar(&config.WebhookURL, "webhook-url", config.WebhookURL, "Send a webhook request for new messages")
 	rootCmd.Flags().IntVar(&webhook.RateLimit, "webhook-limit", webhook.RateLimit, "Limit webhook requests per second")

+	rootCmd.Flags().BoolVar(&config.AllowUntrustedTLS, "allow-untrusted-tls", config.AllowUntrustedTLS, "Do not verify HTTPS certificates (link checker & screenshots)")
+
 	rootCmd.Flags().StringVarP(&config.SMTPCLITags, "tag", "t", config.SMTPCLITags, "Tag new messages matching filters")
 	rootCmd.Flags().BoolVarP(&logger.QuietLogging, "quiet", "q", logger.QuietLogging, "Quiet logging (errors only)")
 	rootCmd.Flags().BoolVarP(&logger.VerboseLogging, "verbose", "v", logger.VerboseLogging, "Verbose logging")
@ -199,6 +201,9 @@ func initConfigFromEnv() {
 	if getEnabledFromEnv("MP_BLOCK_REMOTE_CSS_AND_FONTS") {
 		config.BlockRemoteCSSAndFonts = true
 	}
+	if getEnabledFromEnv("MP_ALLOW_UNTRUSTED_TLS") {
+		config.AllowUntrustedTLS = true
+	}
 	if getEnabledFromEnv("MP_QUIET") {
 		logger.QuietLogging = true
 	}
--- a/config/config.go
+++ b/config/config.go
@ -101,6 +101,9 @@ var (
 	// ContentSecurityPolicy for HTTP server - set via VerifyConfig()
 	ContentSecurityPolicy string

+	// AllowUntrustedTLS allows untrusted HTTPS connections link checking & screenshot generation
+	AllowUntrustedTLS bool
+
 	// Version is the default application version, updated on release
 	Version = "dev"

--- a/internal/linkcheck/status.go
+++ b/internal/linkcheck/status.go
@ -1,6 +1,7 @@
 package linkcheck

 import (
+	"crypto/tls"
 	"net/http"
 	"regexp"
 	"sync"
@ -59,8 +60,15 @@ func doHead(link string, followRedirects bool) (int, error) {

 	timeout := time.Duration(10 * time.Second)

+	tr := &http.Transport{}
+
+	if config.AllowUntrustedTLS {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	client := http.Client{
-		Timeout: timeout,
+		Timeout:   timeout,
+		Transport: tr,
 		CheckRedirect: func(req *http.Request, via []*http.Request) error {
 			if followRedirects {
 				return nil
--- a/server/handlers/proxy.go
+++ b/server/handlers/proxy.go
@ -2,6 +2,7 @@
 package handlers

 import (
+	"crypto/tls"
 	"fmt"
 	"io"
 	"net/http"
@ -31,8 +32,15 @@ func ProxyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}

+	tr := &http.Transport{}
+
+	if config.AllowUntrustedTLS {
+		tr.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+	}
+
 	client := &http.Client{
-		Timeout: 10 * time.Second,
+		Transport: tr,
+		Timeout:   10 * time.Second,
 	}

 	req, err := http.NewRequest("GET", uri, nil)