How to ignore ssl certificate warning or pass a self signed certificate (from inside gruntfile) during accessibility automation?

Question

I am using the grunt-accessibility plugins to automate the reporting for accessibility errors. It works fine for normally, but when I try it on a site which has a self signed certificate (the kind which shows an interim page with some certificate security warning and a link to continue to the site if you still wish to), it reports the error on that interim page itself which is, of course an empty page:

<html>
    <head></head>
    <body></body>
</html>

Obviously I want to bypass this interim page and run accessibility on the actual page.

What I was trying?

I had tried the following (found from googling and from other SO's Q&A):

1. The infamous hack

    npm set strict-ssl false 

2. Adding the imported certification path

    npm config set cafile="C:\\path\\to\\cert.cer" 

3. Adding process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0" (see Grunfile below)

From what I gather, grunt-accessibility uses AccessSniff which in turn uses phantomjs . Now, phantomjs has options to ignore such warnings by

--ignore-ssl-errors=[true|false] ignores SSL errors, such as expired or self-signed certificate errors (default is false).

Above is the CLI options, which I am not able to pass from Grunfile.js . Can someone help me resolve or suggest another approach for the issue.

This is my Gruntfile.js:

module.exports = grunt => {
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";

  grunt.initConfig({
    phantomjs: {
      // default: {
        options: {
          "ignore-ssl-errors": true,
          // tested here with different instructions as per comments 
          // below from users on this site, such as
          // "--ignore-ssl-errors": true (-- hyphen)
          // "ignore-ssl-errors": "true" ("true" as string)
          "ssl-protocol": "any",
          "ssl-certificates-path": "C:/path/to/cert.cer"
        }
      // }
    },
    accessibility: {
      options: {
        force: true,
        accessibilityLevel: 'WCAG2AAA',
        browser: true // tested with both true/false, i.e. opt for phantomjs/jsDom
      },
      test: {
        options: {
          urls: ['https://self-signed.badssl.com/']
        },
        src: ['example/test.html']
      }
    }
  });

  grunt.loadNpmTasks('grunt-accessibility');
  grunt.registerTask('default', ['accessibility']);
};

PS:

• test url is an actual self-signed ssl site, so you can copy/paste the above code and test it

• only dependencies in package.json

   "devDependencies": { "grunt": "^1.0.1", "grunt-accessibility": "^5.0.0" } 

• node version v.8.9.0

Answer 1

I don't think you can directly affect how PhantomJS is called from within another Grunt plugin within your own Gruntfile .

If I'm not mistaken, the only solution is to either commit a change to the grunt-accessibility package that passes an ignore-ssl-errors option (in the the options you pass to grunt-accessibility) upstream to PhantomJS; or to intercept the call to PhantomJS and inject the ignore-ssl-errors option.

I think the second solution will be the quickest and most expedient. You'd have to either manually modify the entry point (either node_modules/.bin/phantomjs or node_modules/phantomjs/index.js ) or write a pre-run script that would modify it. In the modified .js file, you'd inject the ignore-ssl-errors by adding code to the top of the file that appends it to the process.argv array:

process.argv.push("--ignore-ssl-errors=true");

Answer 2

I always use the strict-ssl command but with a small difference.

Try to insert a config in your command

There will be like npm config set strict-ssl false

Hope this help you.