js_fetch_protocols
The js_fetch_protocols directive sets the protocols to use for fetching data in NGINX JavaScript context.
Description
The js_fetch_protocols directive specifies the protocols that NGINX JavaScript (NJS) will utilize for fetching external resources. This directive is especially relevant in scenarios where NJS scripts need to retrieve data, such as from APIs or other web services. Each protocol listed is permissible when the NJS runtime executes these fetch operations, defining how the client (in this context, NGINX) interacts with upstream servers or external URLs.
The directive supports multiple arguments, allowing you to specify one or more protocols. Commonly used protocols include http, https, and ws (WebSocket). When the NJS script attempts a fetch operation, it will only consider the protocols specified in js_fetch_protocols. This can be beneficial for controlling security and functionality by limiting the types of connections that can be established, ensuring compliance with security policies and architectural decisions.
Due to support for multiple protocols, users can fine-tune their configuration to suit various operational requirements. For instance, if a setup uses only secure connections to external services, the directive can be restricted to https and wss, thereby preventing misuse of insecure protocols. Furthermore, keeping the list concise helps in reducing any potential attack vectors opened by unnecessary protocol exposure.
Config Example
stream {
server {
listen 5000;
js_fetch_protocols https http;
}
}Ensure that the specified protocols are supported by the backend services to avoid fetch failures.
Using unsupported protocols can lead to unexpected behavior or runtime errors in NJS scripts.