Conditionally disable the TLS unauthorized cert check based on REDIS_…

…URL (#17978) * Conditionally disable the TLS unauthorized cert check based on REDIS_URL * Update middleware/rate-limit.js
github · Feb 24, 2021 · e94b52d · e94b52d
1 parent 63cf0c8
commit e94b52d
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 9 deletions.
diff --git a/lib/redis-accessor.js b/lib/redis-accessor.js
@@ -26,9 +26,14 @@ class RedisAccessor {
       ? new Redis(REDIS_URL, {
           ...redisBaseOptions,
           db: databaseNumber,
-          tls: {
-            // Required for production Heroku Redis
-            rejectUnauthorized: false
+
+          // Only add this configuration for TLS-enabled REDIS_URL values.
+          // Otherwise, it breaks for local Redis instances without TLS enabled.
+          ...REDIS_URL.startsWith('rediss://') && {
+            tls: {
+              // Required for production Heroku Redis
+              rejectUnauthorized: false
+            }
           }
         })
       : new InMemoryRedis()

diff --git a/middleware/rate-limit.js b/middleware/rate-limit.js
@@ -19,9 +19,14 @@ module.exports = rateLimit({
   store: REDIS_URL && new RedisStore({
     client: new Redis(REDIS_URL, {
       db: rateLimitDatabaseNumber,
-      tls: {
-        // Required for production Heroku Redis
-        rejectUnauthorized: false
+
+      // Only add this configuration for TLS-enabled REDIS_URL values.
+      // Otherwise, it breaks for local Redis instances without TLS enabled.
+      ...REDIS_URL.startsWith('rediss://') && {
+        tls: {
+          // Required for production Heroku Redis
+          rejectUnauthorized: false
+        }
       }
     }),
     // 1 minute (or practically unlimited outside of production)

diff --git a/script/purge-redis-pages.js b/script/purge-redis-pages.js
@@ -44,9 +44,14 @@ purgeRenderedPageCache()
 function purgeRenderedPageCache () {
   const redisClient = new Redis(REDIS_URL, {
     db: pageCacheDatabaseNumber,
-    tls: {
-      // Required for production Heroku Redis
-      rejectUnauthorized: false
+
+    // Only add this configuration for TLS-enabled REDIS_URL values.
+    // Otherwise, it breaks for local Redis instances without TLS enabled.
+    ...REDIS_URL.startsWith('rediss://') && {
+      tls: {
+        // Required for production Heroku Redis
+        rejectUnauthorized: false
+      }
     }
   })
   let totalKeyCount = 0