Skip to content

Insecure flag

Insecure Flag

Introduced in v0.9.0

Default: false

The optional -insec [false|true] or --insecure [false|true] flag exists to encourage "secure by default" practices by encouraging the sending of span only to https:// endpoints. However, tracepusher does still work with http:// endpoints.

The --insecure flag affects whether or not tracepusher will connect to insecure http:// endpoints or not.

The --insecure flag operation differs by version.

v0.8.*

The --insecure is not available

v0.9.*

The --insecure flag defaults to false with the intention of meaning insecure endpoints are not allowed. However, to provide ample migration time for end users, the behaviour is as follows:

--insecure flag is omitted

This is the expected behaviour of everyone migrating from v0.8 to v0.9.

The flag defaults to false BUT will still allow http:// endpoints, just like before.

Tracepusher will emit a soft WARNING message to inform users of the upcoming breaking change, like this:

WARN: --insecure flag is omitted or is set to false. Prior to v1.0 tracepusher still works as expected (span is sent). In v1.0 and above, you MUST set '--insecure true' if you want to send to an http:// endpoint. See https://github.com/agardnerIT/tracepusher/issues/78

--insecure flag is explicitly set to false

From v0.9 upwards, users are encouraged to get into the best practice habit of explicitly setting this to false or true.

Otherwise, for v0.9.*, the behaviour is as above.

v1.0

If the --insecure flag is omitted or explicitly set to false, calls to http:// endpoints will be BLOCKED.

Calls to http:// endpoints MUST be accompanied with the --insecure true flag or calls will be blocked with this error:

ERROR: Endpoint is http:// (insecure). You MUST set '--insecure true'. Span has NOT been sent.