feat: support NODE_EXTRA_CA_CERTS (#41822)

* feat: support NODE_EXTRA_CA_CERTS Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * chore: allow disabling NODE_EXTRA_CA_CERTS Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * chore: call base::Environment::UnSetVar Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * docs: link to fuses from env vars Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * chore: update patch to match upstream Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * docs: note enabled by default Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> * Update environment-variables.md Co-authored-by: John Kleinschmidt <jkleinsc@electronjs.org> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
2024-04-15 12:22:39 -07:00 · 2024-04-15 12:22:39 -07:00 · c37c7fd3c4
commit c37c7fd3c4
parent cf1087badd
7 changed files with 57 additions and 9 deletions
--- a/shell/common/node_bindings.cc
+++ b/shell/common/node_bindings.cc
@ -338,7 +338,7 @@ bool IsAllowedOption(const std::string_view option) {
 // Initialize NODE_OPTIONS to pass to Node.js
 // See https://nodejs.org/api/cli.html#cli_node_options_options
 void SetNodeOptions(base::Environment* env) {
-  // Options that are unilaterally disallowed
+  // Options that are expressly disallowed
  static constexpr auto disallowed = base::MakeFixedFlatSet<std::string_view>({
      "--enable-fips",
      "--experimental-policy",
@ -353,6 +353,13 @@ void SetNodeOptions(base::Environment* env) {
      "--max-http-header-size",
  });

+  if (env->HasVar("NODE_EXTRA_CA_CERTS")) {
+    if (!electron::fuses::IsNodeOptionsEnabled()) {
+      LOG(WARNING) << "NODE_OPTIONS ignored due to disabled nodeOptions fuse.";
+      env->UnSetVar("NODE_EXTRA_CA_CERTS");
+    }
+  }
+
  if (env->HasVar("NODE_OPTIONS")) {
    if (electron::fuses::IsNodeOptionsEnabled()) {
      std::string options;
@ -383,8 +390,8 @@ void SetNodeOptions(base::Environment* env) {
      // overwrite new NODE_OPTIONS without unsupported variables
      env->SetVar("NODE_OPTIONS", options);
    } else {
-      LOG(ERROR) << "NODE_OPTIONS have been disabled in this app";
-      env->SetVar("NODE_OPTIONS", "");
+      LOG(WARNING) << "NODE_OPTIONS ignored due to disabled nodeOptions fuse.";
+      env->UnSetVar("NODE_OPTIONS");
    }
  }
 }