The copyright and license notice is already in the LICENSE file. There
is no justifiable reason to also require that it be included in every
file, since the individual files are not individually distributed except
as part of the entire package.
Update the tls and https tests to explicitly set rejectUnauthorized instead of
relying on the NODE_TLS_REJECT_UNAUTHORIZED environment variable getting set.
This commit changes the default value of the rejectUnauthorized option from
false to true.
What that means is that tls.connect(), https.get() and https.request() will
reject invalid server certificates from now on, including self-signed
certificates.
There is an escape hatch: if you set the NODE_TLS_REJECT_UNAUTHORIZED
environment variable to the literal string "0", node.js reverts to its
old behavior.
Fixes#3949.
isaacs
Ben Noordhuis
Colton Baker
Ryan Dahl