Connection with an unsecure HTTP communication detected.

  • Rule ID: javascript_lang_http_insecure
  • Languages: javascript
  • Source: http_insecure.yml

Description

Applications should only connect to API using HTTPS connections. This rule checks that all HTTP connections use HTTPS.

❌ Avoid using unsecured outgoing HTTP communication, especially in the context of API calls:

const response = axios.get('http://insecure-api.com')

✅ Ensure to always connect though HTTPS:

const response = axios.get('https://secure-api.com')

Resources

Associated CWE

OWASP Top 10

Ready to take the next step? Join the Bearer Cloud waitlist.