feat: add admin setting to bypass SSL certificate validation for Outlook calendar#3191
Merged
jeanfbrito merged 5 commits intodevfrom Feb 5, 2026
Merged
feat: add admin setting to bypass SSL certificate validation for Outlook calendar#3191jeanfbrito merged 5 commits intodevfrom
jeanfbrito merged 5 commits intodevfrom
Conversation
…ook calendar
Add `allowInsecureOutlookConnections` setting for air-gapped environments
where Exchange servers use self-signed or internal CA certificates.
Configurable via overridden-settings.json:
{ "allowInsecureOutlookConnections": true }
Changes:
- Add new reducer for the setting (defaults to false)
- Apply setting to both Exchange (XhrApi) and Rocket.Chat (axios) connections
- Reuse single HTTPS agent per sync for better performance
- Fix missing await on createEventOnRocketChatServer call
Contributor
WalkthroughAdds support for insecure HTTPS connections (bypassing SSL certificate validation) for Outlook calendar integrations through an optional allowInsecureOutlookConnections flag, managed via Redux state and propagated through API calls using custom HTTPS agents. Changes
Sequence DiagramsequenceDiagram
participant App as Application
participant Redux as Redux Store
participant Sync as Sync Process
participant Outlook as Outlook API
participant RC as Rocket.Chat Server
App->>App: Load merged override settings
App->>App: Compute allowInsecureOutlookConnections
App->>Redux: Dispatch APP_SETTINGS_LOADED<br/>(with allowInsecureOutlookConnections)
Redux->>Redux: Update allowInsecureOutlookConnections state
Note over App,Redux: Settings persisted in Redux
App->>Sync: Trigger sync (allowInsecureOutlookConnections flag)
alt allowInsecure = true
Sync->>Sync: Create insecure httpsAgent<br/>(rejectUnauthorized: false)
else allowInsecure = false
Sync->>Sync: Use default https agent
end
Sync->>Outlook: getOutlookEvents(allowInsecure)
Outlook->>Outlook: Configure XhrApi with SSL setting
Outlook-->>Sync: Return appointments
Sync->>RC: syncEvents(httpsAgent)
RC-->>Sync: Sync complete
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@src/outlookCalendar/ipc.ts`:
- Line 1: The flag allowInsecureOutlookConnections is intended for Outlook only
but the insecure httpsAgent (rejectUnauthorized: false) is currently being
passed into Rocket.Chat API requests too; remove the httpsAgent plumbing from
any Rocket.Chat API calls (wherever httpsAgent is injected/forwarded into the
Rocket.Chat request code) so that only Outlook-related code uses
allowInsecureOutlookConnections, or alternatively introduce a separate explicit
config (e.g., allowInsecureRocketChatConnections) and gate the httpsAgent behind
that new setting; update usages of httpsAgent, the checks against
allowInsecureOutlookConnections, and any functions that build/forward the agent
so Rocket.Chat requests no longer inherit the Outlook-only insecure agent unless
a new explicit setting is provided.
macOS installer download |
The setting was being persisted to config.json, which meant once set to true it would stay true even after removing from overridden-settings.json. Changes: - Remove from PersistableValues type and migrations - Remove from selectPersistableValues selector - Explicitly read from override files on each app start - Accept case-insensitive "true" values for robustness - Always defaults to false when key is missing This ensures admins have full control over the setting in air-gapped environments where remote debugging is not possible.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
allowInsecureOutlookConnectionsadmin setting for air-gapped environments where Exchange servers use self-signed or internal CA certificatesConfiguration
Admins can enable this via
overridden-settings.json:{ "allowInsecureOutlookConnections": true }File locations:
%APPDATA%/Rocket.Chat/overridden-settings.json~/Library/Application Support/Rocket.Chat/overridden-settings.json~/.config/Rocket.Chat/overridden-settings.jsonCORE-1363
Summary by CodeRabbit
New Features
Chores