You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
it appears that originSet always reports the current origin (servername from the TLS socket). I suspect that it was originally planned to reflect the Origin frame if the spec were to ever land. So currently originSet is not much use in practical use cases.
However, the session.socket.getPeerCertificate().subjectaltname does provide the available SANs on the connected certificate. I would propose that a new ContextOption that allows trusting TLS certificate without DNS lookup (or allow for DNS lookup as an elevated situation)
As described here: https://nodejs.org/dist/latest-v9.x/docs/api/http2.html#http2_http2session_originset
The text was updated successfully, but these errors were encountered: