1{ 2 "type": "module", 3 "source": "doc/api/https.md", 4 "modules": [ 5 { 6 "textRaw": "HTTPS", 7 "name": "https", 8 "introduced_in": "v0.10.0", 9 "stability": 2, 10 "stabilityText": "Stable", 11 "desc": "<p><strong>Source Code:</strong> <a href=\"https://github.com/nodejs/node/blob/v14.20.1/lib/https.js\">lib/https.js</a></p>\n<p>HTTPS is the HTTP protocol over TLS/SSL. In Node.js this is implemented as a\nseparate module.</p>", 12 "classes": [ 13 { 14 "textRaw": "Class: `https.Agent`", 15 "type": "class", 16 "name": "https.Agent", 17 "meta": { 18 "added": [ 19 "v0.4.5" 20 ], 21 "changes": [ 22 { 23 "version": "v5.3.0", 24 "pr-url": "https://github.com/nodejs/node/pull/4252", 25 "description": "support `0` `maxCachedSessions` to disable TLS session caching." 26 }, 27 { 28 "version": "v2.5.0", 29 "pr-url": "https://github.com/nodejs/node/pull/2228", 30 "description": "parameter `maxCachedSessions` added to `options` for TLS sessions reuse." 31 } 32 ] 33 }, 34 "desc": "<p>An <a href=\"#https_class_https_agent\"><code>Agent</code></a> object for HTTPS similar to <a href=\"http.html#http_class_http_agent\"><code>http.Agent</code></a>. See\n<a href=\"#https_https_request_options_callback\"><code>https.request()</code></a> for more information.</p>", 35 "signatures": [ 36 { 37 "params": [ 38 { 39 "textRaw": "`options` {Object} Set of configurable options to set on the agent. Can have the same fields as for [`http.Agent(options)`][], and", 40 "name": "options", 41 "type": "Object", 42 "desc": "Set of configurable options to set on the agent. Can have the same fields as for [`http.Agent(options)`][], and", 43 "options": [ 44 { 45 "textRaw": "`maxCachedSessions` {number} maximum number of TLS cached sessions. Use `0` to disable TLS session caching. **Default:** `100`.", 46 "name": "maxCachedSessions", 47 "type": "number", 48 "default": "`100`", 49 "desc": "maximum number of TLS cached sessions. Use `0` to disable TLS session caching." 50 }, 51 { 52 "textRaw": "`servername` {string} the value of [Server Name Indication extension][sni wiki] to be sent to the server. Use empty string `''` to disable sending the extension. **Default:** host name of the target server, unless the target server is specified using an IP address, in which case the default is `''` (no extension).See [`Session Resumption`][] for information about TLS session reuse.", 53 "name": "servername", 54 "type": "string", 55 "default": "host name of the target server, unless the target server is specified using an IP address, in which case the default is `''` (no extension).See [`Session Resumption`][] for information about TLS session reuse", 56 "desc": "the value of [Server Name Indication extension][sni wiki] to be sent to the server. Use empty string `''` to disable sending the extension." 57 } 58 ] 59 } 60 ] 61 } 62 ] 63 }, 64 { 65 "textRaw": "Class: `https.Server`", 66 "type": "class", 67 "name": "https.Server", 68 "meta": { 69 "added": [ 70 "v0.3.4" 71 ], 72 "changes": [] 73 }, 74 "desc": "<ul>\n<li>Extends: <a href=\"tls.html#tls_class_tls_server\" class=\"type\"><tls.Server></a></li>\n</ul>\n<p>See <a href=\"http.html#http_class_http_server\"><code>http.Server</code></a> for more information.</p>", 75 "methods": [ 76 { 77 "textRaw": "`server.close([callback])`", 78 "type": "method", 79 "name": "close", 80 "meta": { 81 "added": [ 82 "v0.1.90" 83 ], 84 "changes": [] 85 }, 86 "signatures": [ 87 { 88 "return": { 89 "textRaw": "Returns: {https.Server}", 90 "name": "return", 91 "type": "https.Server" 92 }, 93 "params": [ 94 { 95 "textRaw": "`callback` {Function}", 96 "name": "callback", 97 "type": "Function" 98 } 99 ] 100 } 101 ], 102 "desc": "<p>See <a href=\"http.html#http_server_close_callback\"><code>server.close()</code></a> from the HTTP module for details.</p>" 103 }, 104 { 105 "textRaw": "`server.listen()`", 106 "type": "method", 107 "name": "listen", 108 "signatures": [ 109 { 110 "params": [] 111 } 112 ], 113 "desc": "<p>Starts the HTTPS server listening for encrypted connections.\nThis method is identical to <a href=\"net.html#net_server_listen\"><code>server.listen()</code></a> from <a href=\"net.html#net_class_net_server\"><code>net.Server</code></a>.</p>" 114 }, 115 { 116 "textRaw": "`server.setTimeout([msecs][, callback])`", 117 "type": "method", 118 "name": "setTimeout", 119 "meta": { 120 "added": [ 121 "v0.11.2" 122 ], 123 "changes": [] 124 }, 125 "signatures": [ 126 { 127 "return": { 128 "textRaw": "Returns: {https.Server}", 129 "name": "return", 130 "type": "https.Server" 131 }, 132 "params": [ 133 { 134 "textRaw": "`msecs` {number} **Default:** `120000` (2 minutes)", 135 "name": "msecs", 136 "type": "number", 137 "default": "`120000` (2 minutes)" 138 }, 139 { 140 "textRaw": "`callback` {Function}", 141 "name": "callback", 142 "type": "Function" 143 } 144 ] 145 } 146 ], 147 "desc": "<p>See <a href=\"http.html#http_server_settimeout_msecs_callback\"><code>http.Server#setTimeout()</code></a>.</p>" 148 } 149 ], 150 "properties": [ 151 { 152 "textRaw": "`headersTimeout` {number} **Default:** `60000`", 153 "type": "number", 154 "name": "headersTimeout", 155 "meta": { 156 "added": [ 157 "v11.3.0" 158 ], 159 "changes": [] 160 }, 161 "default": "`60000`", 162 "desc": "<p>See <a href=\"http.html#http_server_headerstimeout\"><code>http.Server#headersTimeout</code></a>.</p>" 163 }, 164 { 165 "textRaw": "`maxHeadersCount` {number} **Default:** `2000`", 166 "type": "number", 167 "name": "maxHeadersCount", 168 "default": "`2000`", 169 "desc": "<p>See <a href=\"http.html#http_server_maxheaderscount\"><code>http.Server#maxHeadersCount</code></a>.</p>" 170 }, 171 { 172 "textRaw": "`requestTimeout` {number} **Default:** `0`", 173 "type": "number", 174 "name": "requestTimeout", 175 "meta": { 176 "added": [ 177 "v14.11.0" 178 ], 179 "changes": [] 180 }, 181 "default": "`0`", 182 "desc": "<p>See <a href=\"http.html#http_server_requesttimeout\"><code>http.Server#requestTimeout</code></a>.</p>" 183 }, 184 { 185 "textRaw": "`timeout` {number} **Default:** 0 (no timeout)", 186 "type": "number", 187 "name": "timeout", 188 "meta": { 189 "added": [ 190 "v0.11.2" 191 ], 192 "changes": [ 193 { 194 "version": "v13.0.0", 195 "pr-url": "https://github.com/nodejs/node/pull/27558", 196 "description": "The default timeout changed from 120s to 0 (no timeout)." 197 } 198 ] 199 }, 200 "default": "0 (no timeout)", 201 "desc": "<p>See <a href=\"http.html#http_server_timeout\"><code>http.Server#timeout</code></a>.</p>" 202 }, 203 { 204 "textRaw": "`keepAliveTimeout` {number} **Default:** `5000` (5 seconds)", 205 "type": "number", 206 "name": "keepAliveTimeout", 207 "meta": { 208 "added": [ 209 "v8.0.0" 210 ], 211 "changes": [] 212 }, 213 "default": "`5000` (5 seconds)", 214 "desc": "<p>See <a href=\"http.html#http_server_keepalivetimeout\"><code>http.Server#keepAliveTimeout</code></a>.</p>" 215 } 216 ] 217 } 218 ], 219 "methods": [ 220 { 221 "textRaw": "`https.createServer([options][, requestListener])`", 222 "type": "method", 223 "name": "createServer", 224 "meta": { 225 "added": [ 226 "v0.3.4" 227 ], 228 "changes": [] 229 }, 230 "signatures": [ 231 { 232 "return": { 233 "textRaw": "Returns: {https.Server}", 234 "name": "return", 235 "type": "https.Server" 236 }, 237 "params": [ 238 { 239 "textRaw": "`options` {Object} Accepts `options` from [`tls.createServer()`][], [`tls.createSecureContext()`][] and [`http.createServer()`][].", 240 "name": "options", 241 "type": "Object", 242 "desc": "Accepts `options` from [`tls.createServer()`][], [`tls.createSecureContext()`][] and [`http.createServer()`][]." 243 }, 244 { 245 "textRaw": "`requestListener` {Function} A listener to be added to the `'request'` event.", 246 "name": "requestListener", 247 "type": "Function", 248 "desc": "A listener to be added to the `'request'` event." 249 } 250 ] 251 } 252 ], 253 "desc": "<pre><code class=\"language-js\">// curl -k https://localhost:8000/\nconst https = require('https');\nconst fs = require('fs');\n\nconst options = {\n key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),\n cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')\n};\n\nhttps.createServer(options, (req, res) => {\n res.writeHead(200);\n res.end('hello world\\n');\n}).listen(8000);\n</code></pre>\n<p>Or</p>\n<pre><code class=\"language-js\">const https = require('https');\nconst fs = require('fs');\n\nconst options = {\n pfx: fs.readFileSync('test/fixtures/test_cert.pfx'),\n passphrase: 'sample'\n};\n\nhttps.createServer(options, (req, res) => {\n res.writeHead(200);\n res.end('hello world\\n');\n}).listen(8000);\n</code></pre>" 254 }, 255 { 256 "textRaw": "`https.get(options[, callback])`", 257 "type": "method", 258 "name": "get", 259 "meta": { 260 "added": [ 261 "v0.3.6" 262 ], 263 "changes": [ 264 { 265 "version": "v10.9.0", 266 "pr-url": "https://github.com/nodejs/node/pull/21616", 267 "description": "The `url` parameter can now be passed along with a separate `options` object." 268 }, 269 { 270 "version": "v7.5.0", 271 "pr-url": "https://github.com/nodejs/node/pull/10638", 272 "description": "The `options` parameter can be a WHATWG `URL` object." 273 } 274 ] 275 }, 276 "signatures": [ 277 { 278 "params": [ 279 { 280 "textRaw": "`url` {string | URL}", 281 "name": "url", 282 "type": "string | URL" 283 }, 284 { 285 "textRaw": "`options` {Object | string | URL} Accepts the same `options` as [`https.request()`][], with the `method` always set to `GET`.", 286 "name": "options", 287 "type": "Object | string | URL", 288 "desc": "Accepts the same `options` as [`https.request()`][], with the `method` always set to `GET`." 289 }, 290 { 291 "textRaw": "`callback` {Function}", 292 "name": "callback", 293 "type": "Function" 294 } 295 ] 296 } 297 ], 298 "desc": "<p>Like <a href=\"http.html#http_http_get_options_callback\"><code>http.get()</code></a> but for HTTPS.</p>\n<p><code>options</code> can be an object, a string, or a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a> object. If <code>options</code> is a\nstring, it is automatically parsed with <a href=\"url.html#url_new_url_input_base\"><code>new URL()</code></a>. If it is a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a>\nobject, it will be automatically converted to an ordinary <code>options</code> object.</p>\n<pre><code class=\"language-js\">const https = require('https');\n\nhttps.get('https://encrypted.google.com/', (res) => {\n console.log('statusCode:', res.statusCode);\n console.log('headers:', res.headers);\n\n res.on('data', (d) => {\n process.stdout.write(d);\n });\n\n}).on('error', (e) => {\n console.error(e);\n});\n</code></pre>" 299 }, 300 { 301 "textRaw": "`https.get(url[, options][, callback])`", 302 "type": "method", 303 "name": "get", 304 "meta": { 305 "added": [ 306 "v0.3.6" 307 ], 308 "changes": [ 309 { 310 "version": "v10.9.0", 311 "pr-url": "https://github.com/nodejs/node/pull/21616", 312 "description": "The `url` parameter can now be passed along with a separate `options` object." 313 }, 314 { 315 "version": "v7.5.0", 316 "pr-url": "https://github.com/nodejs/node/pull/10638", 317 "description": "The `options` parameter can be a WHATWG `URL` object." 318 } 319 ] 320 }, 321 "signatures": [ 322 { 323 "params": [ 324 { 325 "textRaw": "`url` {string | URL}", 326 "name": "url", 327 "type": "string | URL" 328 }, 329 { 330 "textRaw": "`options` {Object | string | URL} Accepts the same `options` as [`https.request()`][], with the `method` always set to `GET`.", 331 "name": "options", 332 "type": "Object | string | URL", 333 "desc": "Accepts the same `options` as [`https.request()`][], with the `method` always set to `GET`." 334 }, 335 { 336 "textRaw": "`callback` {Function}", 337 "name": "callback", 338 "type": "Function" 339 } 340 ] 341 } 342 ], 343 "desc": "<p>Like <a href=\"http.html#http_http_get_options_callback\"><code>http.get()</code></a> but for HTTPS.</p>\n<p><code>options</code> can be an object, a string, or a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a> object. If <code>options</code> is a\nstring, it is automatically parsed with <a href=\"url.html#url_new_url_input_base\"><code>new URL()</code></a>. If it is a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a>\nobject, it will be automatically converted to an ordinary <code>options</code> object.</p>\n<pre><code class=\"language-js\">const https = require('https');\n\nhttps.get('https://encrypted.google.com/', (res) => {\n console.log('statusCode:', res.statusCode);\n console.log('headers:', res.headers);\n\n res.on('data', (d) => {\n process.stdout.write(d);\n });\n\n}).on('error', (e) => {\n console.error(e);\n});\n</code></pre>" 344 }, 345 { 346 "textRaw": "`https.request(options[, callback])`", 347 "type": "method", 348 "name": "request", 349 "meta": { 350 "added": [ 351 "v0.3.6" 352 ], 353 "changes": [ 354 { 355 "version": "v14.18.0", 356 "pr-url": "https://github.com/nodejs/node/pull/39310", 357 "description": "When using a `URL` object parsed username and password will now be properly URI decoded." 358 }, 359 { 360 "version": "v14.1.0", 361 "pr-url": "https://github.com/nodejs/node/pull/32786", 362 "description": "The `highWaterMark` option is accepted now." 363 }, 364 { 365 "version": "v10.9.0", 366 "pr-url": "https://github.com/nodejs/node/pull/21616", 367 "description": "The `url` parameter can now be passed along with a separate `options` object." 368 }, 369 { 370 "version": "v9.3.0", 371 "pr-url": "https://github.com/nodejs/node/pull/14903", 372 "description": "The `options` parameter can now include `clientCertEngine`." 373 }, 374 { 375 "version": "v7.5.0", 376 "pr-url": "https://github.com/nodejs/node/pull/10638", 377 "description": "The `options` parameter can be a WHATWG `URL` object." 378 } 379 ] 380 }, 381 "signatures": [ 382 { 383 "return": { 384 "textRaw": "Returns: {http.ClientRequest}", 385 "name": "return", 386 "type": "http.ClientRequest" 387 }, 388 "params": [ 389 { 390 "textRaw": "`url` {string | URL}", 391 "name": "url", 392 "type": "string | URL" 393 }, 394 { 395 "textRaw": "`options` {Object | string | URL} Accepts all `options` from [`http.request()`][], with some differences in default values:", 396 "name": "options", 397 "type": "Object | string | URL", 398 "desc": "Accepts all `options` from [`http.request()`][], with some differences in default values:", 399 "options": [ 400 { 401 "textRaw": "`protocol` **Default:** `'https:'`", 402 "name": "protocol", 403 "default": "`'https:'`" 404 }, 405 { 406 "textRaw": "`port` **Default:** `443`", 407 "name": "port", 408 "default": "`443`" 409 }, 410 { 411 "textRaw": "`agent` **Default:** `https.globalAgent`", 412 "name": "agent", 413 "default": "`https.globalAgent`" 414 } 415 ] 416 }, 417 { 418 "textRaw": "`callback` {Function}", 419 "name": "callback", 420 "type": "Function" 421 } 422 ] 423 } 424 ], 425 "desc": "<p>Makes a request to a secure web server.</p>\n<p>The following additional <code>options</code> from <a href=\"tls.html#tls_tls_connect_options_callback\"><code>tls.connect()</code></a> are also accepted:\n<code>ca</code>, <code>cert</code>, <code>ciphers</code>, <code>clientCertEngine</code>, <code>crl</code>, <code>dhparam</code>, <code>ecdhCurve</code>,\n<code>honorCipherOrder</code>, <code>key</code>, <code>passphrase</code>, <code>pfx</code>, <code>rejectUnauthorized</code>,\n<code>secureOptions</code>, <code>secureProtocol</code>, <code>servername</code>, <code>sessionIdContext</code>,\n<code>highWaterMark</code>.</p>\n<p><code>options</code> can be an object, a string, or a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a> object. If <code>options</code> is a\nstring, it is automatically parsed with <a href=\"url.html#url_new_url_input_base\"><code>new URL()</code></a>. If it is a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a>\nobject, it will be automatically converted to an ordinary <code>options</code> object.</p>\n<p><code>https.request()</code> returns an instance of the <a href=\"http.html#http_class_http_clientrequest\"><code>http.ClientRequest</code></a>\nclass. The <code>ClientRequest</code> instance is a writable stream. If one needs to\nupload a file with a POST request, then write to the <code>ClientRequest</code> object.</p>\n<pre><code class=\"language-js\">const https = require('https');\n\nconst options = {\n hostname: 'encrypted.google.com',\n port: 443,\n path: '/',\n method: 'GET'\n};\n\nconst req = https.request(options, (res) => {\n console.log('statusCode:', res.statusCode);\n console.log('headers:', res.headers);\n\n res.on('data', (d) => {\n process.stdout.write(d);\n });\n});\n\nreq.on('error', (e) => {\n console.error(e);\n});\nreq.end();\n</code></pre>\n<p>Example using options from <a href=\"tls.html#tls_tls_connect_options_callback\"><code>tls.connect()</code></a>:</p>\n<pre><code class=\"language-js\">const options = {\n hostname: 'encrypted.google.com',\n port: 443,\n path: '/',\n method: 'GET',\n key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),\n cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')\n};\noptions.agent = new https.Agent(options);\n\nconst req = https.request(options, (res) => {\n // ...\n});\n</code></pre>\n<p>Alternatively, opt out of connection pooling by not using an <a href=\"#https_class_https_agent\"><code>Agent</code></a>.</p>\n<pre><code class=\"language-js\">const options = {\n hostname: 'encrypted.google.com',\n port: 443,\n path: '/',\n method: 'GET',\n key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),\n cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),\n agent: false\n};\n\nconst req = https.request(options, (res) => {\n // ...\n});\n</code></pre>\n<p>Example using a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a> as <code>options</code>:</p>\n<pre><code class=\"language-js\">const options = new URL('https://abc:xyz@example.com');\n\nconst req = https.request(options, (res) => {\n // ...\n});\n</code></pre>\n<p>Example pinning on certificate fingerprint, or the public key (similar to\n<code>pin-sha256</code>):</p>\n<pre><code class=\"language-js\">const tls = require('tls');\nconst https = require('https');\nconst crypto = require('crypto');\n\nfunction sha256(s) {\n return crypto.createHash('sha256').update(s).digest('base64');\n}\nconst options = {\n hostname: 'github.com',\n port: 443,\n path: '/',\n method: 'GET',\n checkServerIdentity: function(host, cert) {\n // Make sure the certificate is issued to the host we are connected to\n const err = tls.checkServerIdentity(host, cert);\n if (err) {\n return err;\n }\n\n // Pin the public key, similar to HPKP pin-sha25 pinning\n const pubkey256 = 'pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=';\n if (sha256(cert.pubkey) !== pubkey256) {\n const msg = 'Certificate verification error: ' +\n `The public key of '${cert.subject.CN}' ` +\n 'does not match our pinned fingerprint';\n return new Error(msg);\n }\n\n // Pin the exact certificate, rather than the pub key\n const cert256 = '25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:' +\n 'D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16';\n if (cert.fingerprint256 !== cert256) {\n const msg = 'Certificate verification error: ' +\n `The certificate of '${cert.subject.CN}' ` +\n 'does not match our pinned fingerprint';\n return new Error(msg);\n }\n\n // This loop is informational only.\n // Print the certificate and public key fingerprints of all certs in the\n // chain. Its common to pin the public key of the issuer on the public\n // internet, while pinning the public key of the service in sensitive\n // environments.\n do {\n console.log('Subject Common Name:', cert.subject.CN);\n console.log(' Certificate SHA256 fingerprint:', cert.fingerprint256);\n\n hash = crypto.createHash('sha256');\n console.log(' Public key ping-sha256:', sha256(cert.pubkey));\n\n lastprint256 = cert.fingerprint256;\n cert = cert.issuerCertificate;\n } while (cert.fingerprint256 !== lastprint256);\n\n },\n};\n\noptions.agent = new https.Agent(options);\nconst req = https.request(options, (res) => {\n console.log('All OK. Server matched our pinned cert or public key');\n console.log('statusCode:', res.statusCode);\n // Print the HPKP values\n console.log('headers:', res.headers['public-key-pins']);\n\n res.on('data', (d) => {});\n});\n\nreq.on('error', (e) => {\n console.error(e.message);\n});\nreq.end();\n</code></pre>\n<p>Outputs for example:</p>\n<pre><code class=\"language-text\">Subject Common Name: github.com\n Certificate SHA256 fingerprint: 25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16\n Public key ping-sha256: pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=\nSubject Common Name: DigiCert SHA2 Extended Validation Server CA\n Certificate SHA256 fingerprint: 40:3E:06:2A:26:53:05:91:13:28:5B:AF:80:A0:D4:AE:42:2C:84:8C:9F:78:FA:D0:1F:C9:4B:C5:B8:7F:EF:1A\n Public key ping-sha256: RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=\nSubject Common Name: DigiCert High Assurance EV Root CA\n Certificate SHA256 fingerprint: 74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF\n Public key ping-sha256: WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=\nAll OK. Server matched our pinned cert or public key\nstatusCode: 200\nheaders: max-age=0; pin-sha256=\"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=\"; pin-sha256=\"RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=\"; pin-sha256=\"k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=\"; pin-sha256=\"K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=\"; pin-sha256=\"IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=\"; pin-sha256=\"iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=\"; pin-sha256=\"LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A=\"; includeSubDomains\n</code></pre>" 426 }, 427 { 428 "textRaw": "`https.request(url[, options][, callback])`", 429 "type": "method", 430 "name": "request", 431 "meta": { 432 "added": [ 433 "v0.3.6" 434 ], 435 "changes": [ 436 { 437 "version": "v14.18.0", 438 "pr-url": "https://github.com/nodejs/node/pull/39310", 439 "description": "When using a `URL` object parsed username and password will now be properly URI decoded." 440 }, 441 { 442 "version": "v14.1.0", 443 "pr-url": "https://github.com/nodejs/node/pull/32786", 444 "description": "The `highWaterMark` option is accepted now." 445 }, 446 { 447 "version": "v10.9.0", 448 "pr-url": "https://github.com/nodejs/node/pull/21616", 449 "description": "The `url` parameter can now be passed along with a separate `options` object." 450 }, 451 { 452 "version": "v9.3.0", 453 "pr-url": "https://github.com/nodejs/node/pull/14903", 454 "description": "The `options` parameter can now include `clientCertEngine`." 455 }, 456 { 457 "version": "v7.5.0", 458 "pr-url": "https://github.com/nodejs/node/pull/10638", 459 "description": "The `options` parameter can be a WHATWG `URL` object." 460 } 461 ] 462 }, 463 "signatures": [ 464 { 465 "return": { 466 "textRaw": "Returns: {http.ClientRequest}", 467 "name": "return", 468 "type": "http.ClientRequest" 469 }, 470 "params": [ 471 { 472 "textRaw": "`url` {string | URL}", 473 "name": "url", 474 "type": "string | URL" 475 }, 476 { 477 "textRaw": "`options` {Object | string | URL} Accepts all `options` from [`http.request()`][], with some differences in default values:", 478 "name": "options", 479 "type": "Object | string | URL", 480 "desc": "Accepts all `options` from [`http.request()`][], with some differences in default values:", 481 "options": [ 482 { 483 "textRaw": "`protocol` **Default:** `'https:'`", 484 "name": "protocol", 485 "default": "`'https:'`" 486 }, 487 { 488 "textRaw": "`port` **Default:** `443`", 489 "name": "port", 490 "default": "`443`" 491 }, 492 { 493 "textRaw": "`agent` **Default:** `https.globalAgent`", 494 "name": "agent", 495 "default": "`https.globalAgent`" 496 } 497 ] 498 }, 499 { 500 "textRaw": "`callback` {Function}", 501 "name": "callback", 502 "type": "Function" 503 } 504 ] 505 } 506 ], 507 "desc": "<p>Makes a request to a secure web server.</p>\n<p>The following additional <code>options</code> from <a href=\"tls.html#tls_tls_connect_options_callback\"><code>tls.connect()</code></a> are also accepted:\n<code>ca</code>, <code>cert</code>, <code>ciphers</code>, <code>clientCertEngine</code>, <code>crl</code>, <code>dhparam</code>, <code>ecdhCurve</code>,\n<code>honorCipherOrder</code>, <code>key</code>, <code>passphrase</code>, <code>pfx</code>, <code>rejectUnauthorized</code>,\n<code>secureOptions</code>, <code>secureProtocol</code>, <code>servername</code>, <code>sessionIdContext</code>,\n<code>highWaterMark</code>.</p>\n<p><code>options</code> can be an object, a string, or a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a> object. If <code>options</code> is a\nstring, it is automatically parsed with <a href=\"url.html#url_new_url_input_base\"><code>new URL()</code></a>. If it is a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a>\nobject, it will be automatically converted to an ordinary <code>options</code> object.</p>\n<p><code>https.request()</code> returns an instance of the <a href=\"http.html#http_class_http_clientrequest\"><code>http.ClientRequest</code></a>\nclass. The <code>ClientRequest</code> instance is a writable stream. If one needs to\nupload a file with a POST request, then write to the <code>ClientRequest</code> object.</p>\n<pre><code class=\"language-js\">const https = require('https');\n\nconst options = {\n hostname: 'encrypted.google.com',\n port: 443,\n path: '/',\n method: 'GET'\n};\n\nconst req = https.request(options, (res) => {\n console.log('statusCode:', res.statusCode);\n console.log('headers:', res.headers);\n\n res.on('data', (d) => {\n process.stdout.write(d);\n });\n});\n\nreq.on('error', (e) => {\n console.error(e);\n});\nreq.end();\n</code></pre>\n<p>Example using options from <a href=\"tls.html#tls_tls_connect_options_callback\"><code>tls.connect()</code></a>:</p>\n<pre><code class=\"language-js\">const options = {\n hostname: 'encrypted.google.com',\n port: 443,\n path: '/',\n method: 'GET',\n key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),\n cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem')\n};\noptions.agent = new https.Agent(options);\n\nconst req = https.request(options, (res) => {\n // ...\n});\n</code></pre>\n<p>Alternatively, opt out of connection pooling by not using an <a href=\"#https_class_https_agent\"><code>Agent</code></a>.</p>\n<pre><code class=\"language-js\">const options = {\n hostname: 'encrypted.google.com',\n port: 443,\n path: '/',\n method: 'GET',\n key: fs.readFileSync('test/fixtures/keys/agent2-key.pem'),\n cert: fs.readFileSync('test/fixtures/keys/agent2-cert.pem'),\n agent: false\n};\n\nconst req = https.request(options, (res) => {\n // ...\n});\n</code></pre>\n<p>Example using a <a href=\"url.html#url_the_whatwg_url_api\"><code>URL</code></a> as <code>options</code>:</p>\n<pre><code class=\"language-js\">const options = new URL('https://abc:xyz@example.com');\n\nconst req = https.request(options, (res) => {\n // ...\n});\n</code></pre>\n<p>Example pinning on certificate fingerprint, or the public key (similar to\n<code>pin-sha256</code>):</p>\n<pre><code class=\"language-js\">const tls = require('tls');\nconst https = require('https');\nconst crypto = require('crypto');\n\nfunction sha256(s) {\n return crypto.createHash('sha256').update(s).digest('base64');\n}\nconst options = {\n hostname: 'github.com',\n port: 443,\n path: '/',\n method: 'GET',\n checkServerIdentity: function(host, cert) {\n // Make sure the certificate is issued to the host we are connected to\n const err = tls.checkServerIdentity(host, cert);\n if (err) {\n return err;\n }\n\n // Pin the public key, similar to HPKP pin-sha25 pinning\n const pubkey256 = 'pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=';\n if (sha256(cert.pubkey) !== pubkey256) {\n const msg = 'Certificate verification error: ' +\n `The public key of '${cert.subject.CN}' ` +\n 'does not match our pinned fingerprint';\n return new Error(msg);\n }\n\n // Pin the exact certificate, rather than the pub key\n const cert256 = '25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:' +\n 'D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16';\n if (cert.fingerprint256 !== cert256) {\n const msg = 'Certificate verification error: ' +\n `The certificate of '${cert.subject.CN}' ` +\n 'does not match our pinned fingerprint';\n return new Error(msg);\n }\n\n // This loop is informational only.\n // Print the certificate and public key fingerprints of all certs in the\n // chain. Its common to pin the public key of the issuer on the public\n // internet, while pinning the public key of the service in sensitive\n // environments.\n do {\n console.log('Subject Common Name:', cert.subject.CN);\n console.log(' Certificate SHA256 fingerprint:', cert.fingerprint256);\n\n hash = crypto.createHash('sha256');\n console.log(' Public key ping-sha256:', sha256(cert.pubkey));\n\n lastprint256 = cert.fingerprint256;\n cert = cert.issuerCertificate;\n } while (cert.fingerprint256 !== lastprint256);\n\n },\n};\n\noptions.agent = new https.Agent(options);\nconst req = https.request(options, (res) => {\n console.log('All OK. Server matched our pinned cert or public key');\n console.log('statusCode:', res.statusCode);\n // Print the HPKP values\n console.log('headers:', res.headers['public-key-pins']);\n\n res.on('data', (d) => {});\n});\n\nreq.on('error', (e) => {\n console.error(e.message);\n});\nreq.end();\n</code></pre>\n<p>Outputs for example:</p>\n<pre><code class=\"language-text\">Subject Common Name: github.com\n Certificate SHA256 fingerprint: 25:FE:39:32:D9:63:8C:8A:FC:A1:9A:29:87:D8:3E:4C:1D:98:DB:71:E4:1A:48:03:98:EA:22:6A:BD:8B:93:16\n Public key ping-sha256: pL1+qb9HTMRZJmuC/bB/ZI9d302BYrrqiVuRyW+DGrU=\nSubject Common Name: DigiCert SHA2 Extended Validation Server CA\n Certificate SHA256 fingerprint: 40:3E:06:2A:26:53:05:91:13:28:5B:AF:80:A0:D4:AE:42:2C:84:8C:9F:78:FA:D0:1F:C9:4B:C5:B8:7F:EF:1A\n Public key ping-sha256: RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=\nSubject Common Name: DigiCert High Assurance EV Root CA\n Certificate SHA256 fingerprint: 74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF\n Public key ping-sha256: WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=\nAll OK. Server matched our pinned cert or public key\nstatusCode: 200\nheaders: max-age=0; pin-sha256=\"WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=\"; pin-sha256=\"RRM1dGqnDFsCJXBTHky16vi1obOlCgFFn/yOhI/y+ho=\"; pin-sha256=\"k2v657xBsOVe1PQRwOsHsw3bsGT2VzIqz5K+59sNQws=\"; pin-sha256=\"K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=\"; pin-sha256=\"IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=\"; pin-sha256=\"iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0=\"; pin-sha256=\"LvRiGEjRqfzurezaWuj8Wie2gyHMrW5Q06LspMnox7A=\"; includeSubDomains\n</code></pre>" 508 } 509 ], 510 "properties": [ 511 { 512 "textRaw": "`https.globalAgent`", 513 "name": "globalAgent", 514 "meta": { 515 "added": [ 516 "v0.5.9" 517 ], 518 "changes": [] 519 }, 520 "desc": "<p>Global instance of <a href=\"#https_class_https_agent\"><code>https.Agent</code></a> for all HTTPS client requests.</p>" 521 } 522 ], 523 "type": "module", 524 "displayName": "HTTPS" 525 } 526 ] 527}