ember s + fastboot + ssl + self-signed cert == :(
Scenario: developing an ember app with SSL turned on. Using a self-signed cert for development.
Client-rendering works just fine as you can trust the cert for development. However, fastboot will use najax to make the request. With the proxy url being https najax will fail with Error: self signed certificate.
There are several potential solutions explained here: http://stackoverflow.com/questions/20433287/node-js-request-cert-has-expired/29397100#29397100
However, because najax is being run within the sandbox vm we don’t have access to process.env to use the unrecommended process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; override. Also, if we wanted to add the PEM buffer to najax’s options as a new CA we don’t have access to the file system to create that buffer.
One temporary solution (for those that might hit this)
Within the development environment scope in config/environment.js we have added:
// localhost:4000 is the address of our locally running API server
ENV.fastboot.hostWhitelist.push('http://localhost:4000');
ENV.fastboot.apiHost = 'http://localhost:4000';
Then we injected the FastBoot service into the application adapter and made the adapter’s host property a CP:
fastboot: inject(),
host: computed(function() {
  let host;
  if (get(this, 'fastboot.isFastBoot')) {
    host = config.fastboot.apiHost;
  }
  return host || config.apiHost;
})
Another solution is to set the rejectUnauthorized in the request options being passed to najax. You’ll have to override ajaxOptions on your adapter:
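ajaxOptions() {
  let hash = this._super(...arguments);
  // Disables TLS certificate verification for requests made through najax
  hash.rejectUnauthorized = false;
  // The adapter uses the returned hash, so it must be returned
  return hash;
}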
Hopefully that helps others. But I would advocate for a more permanent solution that respected how najax wants to make requests for ssl.
One potential fix for this is to set the rejectUnauthorized flag for the options passed to najax. This could be limited to the development environment only: https://nodejs.org/api/tls.html#tls_tls_connect_options_callback
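The two options discussed in the issue (adding the development certificate as a CA, or setting rejectUnauthorized to false), scoped to FastBoot in development, as an added example that is not code from the issue, FastBoot or najax. The function name and its `environment`, `isFastBoot` and `devCaPem` inputs are hypothetical; it assumes najax forwards `ca` and `rejectUnauthorized` to Node's TLS layer and that the PEM text is made available as a string in the app config.

```javascript
// Added example: decide which TLS options an adapter's ajaxOptions() hash
// may carry. All names here are hypothetical, not part of Ember or najax.
function applyDevTlsOptions(hash, { environment, isFastBoot, devCaPem }) {
  const out = Object.assign({}, hash);

  // In the browser the browser's own trust store decides, and outside
  // development verification must never be weakened: strip both options
  // even if something upstream set them.
  if (!isFastBoot || environment !== 'development') {
    delete out.rejectUnauthorized;
    delete out.ca;
    return out;
  }

  // Preferred: trust only the development certificate; verification stays on.
  if (typeof devCaPem === 'string' &&
      devCaPem.includes('-----BEGIN CERTIFICATE-----')) {
    out.ca = [devCaPem];
    out.rejectUnauthorized = true;
    return out;
  }

  // Fallback described in the issue: verification off, but only for
  // FastBoot requests in the development environment.
  out.rejectUnauthorized = false;
  return out;
}

// Constructed placeholder, not a real certificate.
const SAMPLE_PEM =
  '-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----';

console.log(applyDevTlsOptions(
  { url: '/posts', rejectUnauthorized: false },
  { environment: 'production', isFastBoot: true, devCaPem: SAMPLE_PEM }
));
```
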
Issue Analytics
- Created 6 years ago
- Reactions:2
- Comments:5 (2 by maintainers)
Top GitHub Comments
@bcardarella I’ve been thinking about this more. I think fastboot can do a better job of providing “ajax” to apps using it, and by doing so also expose first-class configuration for certs…
In development I set the NODE_TLS_REJECT_UNAUTHORIZED environment variable to 0 before starting fastboot; this seems to have the desired result while using ember-fetch