Make the enableUnixSockets to be false by default

sindresorhus · sindresorhus · commit 852c312468d4 · 2023-05-27T21:12:05.000+07:00
diff --git a/documentation/2-options.md b/documentation/2-options.md
@@ -944,9 +944,9 @@ As the [specification](https://tools.ietf.org/html/rfc7231#section-6.4) prefers
 ### `enableUnixSockets`
 
 **Type: `boolean`**\
-**Default: `true`**
+**Default: `false`**
 
-When enabled, requests can also be sent via [UNIX Domain Sockets](https://serverfault.com/questions/124517/what-is-the-difference-between-unix-sockets-and-tcp-ip-sockets). Please note that in the upcoming major release (Got v13) this default will be changed to `false` for security reasons.
+When enabled, requests can also be sent via [UNIX Domain Sockets](https://serverfault.com/questions/124517/what-is-the-difference-between-unix-sockets-and-tcp-ip-sockets).
 
 > **Warning**
 > Make sure you do your own URL sanitizing if you accept untrusted user input for the URL.
@@ -965,11 +965,10 @@ await got('http://unix:/var/run/docker.sock:/containers/json', {enableUnixSocket
 // Or without protocol (HTTP by default)
 await got('unix:/var/run/docker.sock:/containers/json', {enableUnixSockets: true});
 
-// Disable Unix sockets
-const gotUnixSocketsDisabled = got.extend({enableUnixSockets: false});
+// Enable Unix sockets for the whole instance.
+const gotWithUnixSockets = got.extend({enableUnixSockets: true});
 
-// RequestError: Using UNIX domain sockets but option `enableUnixSockets` is not enabled
-await gotUnixSocketsDisabled('http://unix:/var/run/docker.sock:/containers/json');
+await gotWithUnixSockets('http://unix:/var/run/docker.sock:/containers/json');
 ```
 
 ## Methods
diff --git a/source/core/options.ts b/source/core/options.ts
@@ -827,7 +827,7 @@ const defaultInternals: Options['_internals'] = {
 	setHost: true,
 	maxHeaderSize: undefined,
 	signal: undefined,
-	enableUnixSockets: true,
+	enableUnixSockets: false,
 };
 
 const cloneInternals = (internals: typeof defaultInternals) => {
diff --git a/test/redirects.ts b/test/redirects.ts
@@ -46,14 +46,16 @@ test('cannot redirect to UNIX protocol when UNIX sockets are enabled', withServe
 	server.get('/protocol', unixProtocol);
 	server.get('/hostname', unixHostname);
 
-	t.true(got.defaults.options.enableUnixSockets);
+	const gotUnixSocketsEnabled = got.extend({enableUnixSockets: true});
 
-	await t.throwsAsync(got('protocol'), {
+	t.true(gotUnixSocketsEnabled.defaults.options.enableUnixSockets);
+
+	await t.throwsAsync(gotUnixSocketsEnabled('protocol'), {
 		message: 'Cannot redirect to UNIX socket',
 		instanceOf: RequestError,
 	});
 
-	await t.throwsAsync(got('hostname'), {
+	await t.throwsAsync(gotUnixSocketsEnabled('hostname'), {
 		message: 'Cannot redirect to UNIX socket',
 		instanceOf: RequestError,
 	});
diff --git a/test/unix-socket.ts b/test/unix-socket.ts
@@ -2,9 +2,11 @@ import process from 'process';
 import {format} from 'util';
 import test from 'ava';
 import type {Handler} from 'express';
-import got from '../source/index.js';
+import baseGot from '../source/index.js';
 import {withSocketServer} from './helpers/with-server.js';
 
+const got = baseGot.extend({enableUnixSockets: true});
+
 const okHandler: Handler = (_request, response) => {
 	response.end('ok');
 };
@@ -21,7 +23,7 @@ if (process.platform !== 'win32') {
 		server.on('/', okHandler);
 
 		const url = format('http://unix:%s:%s', server.socketPath, '/');
-		t.is((await got(url)).body, 'ok');
+		t.is((await got(url, {})).body, 'ok');
 	});
 
 	test('protocol-less works', withSocketServer, async (t, server) => {
