Remove allow insecure host from ResolverInstallerArgs

astral-sh · Oct 25, 2024 · 470ad45 · 470ad45
1 parent cf3aed5
commit 470ad45
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 35 deletions.
diff --git a/crates/uv-cli/src/lib.rs b/crates/uv-cli/src/lib.rs
@@ -4375,26 +4375,6 @@ pub struct ResolverInstallerArgs {
     )]
     pub keyring_provider: Option<KeyringProviderType>,
 
-    /// Allow insecure connections to a host.
-    ///
-    /// Can be provided multiple times.
-    ///
-    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
-    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
-    ///
-    /// WARNING: Hosts included in this list will not be verified against the system's certificate
-    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
-    /// bypasses SSL verification and could expose you to MITM attacks.
-    #[arg(
-        long,
-        alias = "trusted-host",
-        env = EnvVars::UV_INSECURE_HOST,
-        value_delimiter = ' ',
-        value_parser = parse_insecure_host,
-        help_heading = "Index options"
-    )]
-    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
-
     /// The strategy to use when selecting between the different compatible versions for a given
     /// package requirement.
     ///

diff --git a/crates/uv-cli/src/options.rs b/crates/uv-cli/src/options.rs
@@ -123,7 +123,6 @@ impl From<ResolverInstallerArgs> for PipOptions {
             reinstall_package,
             index_strategy,
             keyring_provider,
-            allow_insecure_host,
             resolution,
             prerelease,
             pre,
@@ -145,12 +144,7 @@ impl From<ResolverInstallerArgs> for PipOptions {
             reinstall_package: Some(reinstall_package),
             index_strategy,
             keyring_provider,
-            allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
-                allow_insecure_host
-                    .into_iter()
-                    .filter_map(Maybe::into_option)
-                    .collect()
-            }),
+            allow_insecure_host: None,
             resolution,
             prerelease: if pre {
                 Some(PrereleaseMode::Allow)
@@ -310,7 +304,6 @@ pub fn resolver_installer_options(
         reinstall_package,
         index_strategy,
         keyring_provider,
-        allow_insecure_host,
         resolution,
         prerelease,
         pre,
@@ -376,12 +369,7 @@ pub fn resolver_installer_options(
         },
         index_strategy,
         keyring_provider,
-        allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
-            allow_insecure_host
-                .into_iter()
-                .filter_map(Maybe::into_option)
-                .collect()
-        }),
+        allow_insecure_host: None,
         resolution,
         prerelease: if pre {
             Some(PrereleaseMode::Allow)

diff --git a/docs/reference/settings.md b/docs/reference/settings.md
@@ -329,7 +329,6 @@ bypasses SSL verification and could expose you to MITM attacks.
 === "uv.toml"
 
     ```toml
-
     allow-insecure-host = ["localhost:8080"]
     ```
-Original file line number
+Diff line change
@@ Expand Up @@
     === "uv.toml"
         ```toml
         allow-insecure-host = ["localhost:8080"]
         ```
@@ Expand Down @@