Conditionally disable the TLS unauthorized cert check based on REDIS_URL (#17978)

* Conditionally disable the TLS unauthorized cert check based on REDIS_URL * Update middleware/rate-limit.js
2021-02-24 17:35:39 -06:00 · 2021-02-24 17:35:39 -06:00 · e94b52d7b5
--- a/lib/redis-accessor.js
+++ b/lib/redis-accessor.js
@ -26,9 +26,14 @@ class RedisAccessor {
      ? new Redis(REDIS_URL, {
          ...redisBaseOptions,
          db: databaseNumber,
-          tls: {
-            // Required for production Heroku Redis
-            rejectUnauthorized: false
+
+          // Only add this configuration for TLS-enabled REDIS_URL values.
+          // Otherwise, it breaks for local Redis instances without TLS enabled.
+          ...REDIS_URL.startsWith('rediss://') && {
+            tls: {
+              // Required for production Heroku Redis
+              rejectUnauthorized: false
+            }
          }
        })
      : new InMemoryRedis()
--- a/middleware/rate-limit.js
+++ b/middleware/rate-limit.js
@ -19,9 +19,14 @@ module.exports = rateLimit({
  store: REDIS_URL && new RedisStore({
    client: new Redis(REDIS_URL, {
      db: rateLimitDatabaseNumber,
-      tls: {
-        // Required for production Heroku Redis
-        rejectUnauthorized: false
+
+      // Only add this configuration for TLS-enabled REDIS_URL values.
+      // Otherwise, it breaks for local Redis instances without TLS enabled.
+      ...REDIS_URL.startsWith('rediss://') && {
+        tls: {
+          // Required for production Heroku Redis
+          rejectUnauthorized: false
+        }
      }
    }),
    // 1 minute (or practically unlimited outside of production)
--- a/script/purge-redis-pages.js
+++ b/script/purge-redis-pages.js
@ -44,9 +44,14 @@ purgeRenderedPageCache()
 function purgeRenderedPageCache () {
  const redisClient = new Redis(REDIS_URL, {
    db: pageCacheDatabaseNumber,
-    tls: {
-      // Required for production Heroku Redis
-      rejectUnauthorized: false
+
+    // Only add this configuration for TLS-enabled REDIS_URL values.
+    // Otherwise, it breaks for local Redis instances without TLS enabled.
+    ...REDIS_URL.startsWith('rediss://') && {
+      tls: {
+        // Required for production Heroku Redis
+        rejectUnauthorized: false
+      }
    }
  })
  let totalKeyCount = 0