Make --allow-insecure-host a global option (#8476)

Not verifying the certificates of certain hosts should be supported for
all kinds of HTTPS connections, so we're making it a global option, just
like native tls. This fixes the remaining places using a client but were
not configuring allow insecure host.

Fixes #6983 (i think)
Closes #6983

---------

Co-authored-by: Charlie Marsh <[email protected]>

crates/uv-cli/src/lib.rs

@@ -205,6 +205,26 @@ pub struct GlobalArgs {
     #[arg(global = true, long, overrides_with("offline"), hide = true)]
     pub no_offline: bool,
 
+    /// Allow insecure connections to a host.
+    ///
+    /// Can be provided multiple times.
+    ///
+    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
+    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
+    ///
+    /// WARNING: Hosts included in this list will not be verified against the system's certificate
+    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
+    /// bypasses SSL verification and could expose you to MITM attacks.
+    #[arg(
+        global = true,
+        long,
+        alias = "trusted-host",
+        env = EnvVars::UV_INSECURE_HOST,
+        value_delimiter = ' ',
+        value_parser = parse_insecure_host,
+    )]
+    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
+
     /// Whether to enable experimental, preview features.
     ///
     /// Preview features may change without warning.
@@ -1768,25 +1788,6 @@ pub struct PipUninstallArgs {
     #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)]
     pub keyring_provider: Option<KeyringProviderType>,
 
-    /// Allow insecure connections to a host.
-    ///
-    /// Can be provided multiple times.
-    ///
-    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
-    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
-    ///
-    /// WARNING: Hosts included in this list will not be verified against the system's certificate
-    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
-    /// bypasses SSL verification and could expose you to MITM attacks.
-    #[arg(
-        long,
-        alias = "trusted-host",
-        env = EnvVars::UV_INSECURE_HOST,
-        value_delimiter = ' ',
-        value_parser = parse_insecure_host,
-    )]
-    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
-
     /// Use the system Python to uninstall packages.
     ///
     /// By default, uv uninstalls from the virtual environment in the current working directory or
@@ -2370,25 +2371,6 @@ pub struct VenvArgs {
     #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)]
     pub keyring_provider: Option<KeyringProviderType>,
 
-    /// Allow insecure connections to a host.
-    ///
-    /// Can be provided multiple times.
-    ///
-    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
-    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
-    ///
-    /// WARNING: Hosts included in this list will not be verified against the system's certificate
-    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
-    /// bypasses SSL verification and could expose you to MITM attacks.
-    #[arg(
-        long,
-        alias = "trusted-host",
-        env = EnvVars::UV_INSECURE_HOST,
-        value_delimiter = ' ',
-        value_parser = parse_insecure_host,
-    )]
-    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
-
     /// Limit candidate packages to those that were uploaded prior to the given date.
     ///
     /// Accepts both RFC 3339 timestamps (e.g., `2006-12-02T02:07:43Z`) and local dates in the same
@@ -4284,26 +4266,6 @@ pub struct InstallerArgs {
     )]
     pub keyring_provider: Option<KeyringProviderType>,
 
-    /// Allow insecure connections to a host.
-    ///
-    /// Can be provided multiple times.
-    ///
-    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
-    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
-    ///
-    /// WARNING: Hosts included in this list will not be verified against the system's certificate
-    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
-    /// bypasses SSL verification and could expose you to MITM attacks.
-    #[arg(
-        long,
-        alias = "trusted-host",
-        env = EnvVars::UV_INSECURE_HOST,
-        value_delimiter = ' ',
-        value_parser = parse_insecure_host,
-        help_heading = "Index options"
-    )]
-    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
-
     /// Settings to pass to the PEP 517 build backend, specified as `KEY=VALUE` pairs.
     #[arg(
         long,
@@ -4446,26 +4408,6 @@ pub struct ResolverArgs {
     )]
     pub keyring_provider: Option<KeyringProviderType>,
 
-    /// Allow insecure connections to a host.
-    ///
-    /// Can be provided multiple times.
-    ///
-    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
-    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
-    ///
-    /// WARNING: Hosts included in this list will not be verified against the system's certificate
-    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
-    /// bypasses SSL verification and could expose you to MITM attacks.
-    #[arg(
-        long,
-        alias = "trusted-host",
-        env = EnvVars::UV_INSECURE_HOST,
-        value_delimiter = ' ',
-        value_parser = parse_insecure_host,
-        help_heading = "Index options"
-    )]
-    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
-
     /// The strategy to use when selecting between the different compatible versions for a given
     /// package requirement.
     ///
@@ -4638,26 +4580,6 @@ pub struct ResolverInstallerArgs {
     )]
     pub keyring_provider: Option<KeyringProviderType>,
 
-    /// Allow insecure connections to a host.
-    ///
-    /// Can be provided multiple times.
-    ///
-    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
-    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
-    ///
-    /// WARNING: Hosts included in this list will not be verified against the system's certificate
-    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
-    /// bypasses SSL verification and could expose you to MITM attacks.
-    #[arg(
-        long,
-        alias = "trusted-host",
-        env = EnvVars::UV_INSECURE_HOST,
-        value_delimiter = ' ',
-        value_parser = parse_insecure_host,
-        help_heading = "Index options"
-    )]
-    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
-
     /// The strategy to use when selecting between the different compatible versions for a given
     /// package requirement.
     ///
@@ -4864,25 +4786,6 @@ pub struct PublishArgs {
     #[arg(long, value_enum, env = EnvVars::UV_KEYRING_PROVIDER)]
     pub keyring_provider: Option<KeyringProviderType>,
 
-    /// Allow insecure connections to a host.
-    ///
-    /// Can be provided multiple times.
-    ///
-    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
-    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
-    ///
-    /// WARNING: Hosts included in this list will not be verified against the system's certificate
-    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
-    /// bypasses SSL verification and could expose you to MITM attacks.
-    #[arg(
-        long,
-        alias = "trusted-host",
-        env = EnvVars::UV_INSECURE_HOST,
-        value_delimiter = ' ',
-        value_parser = parse_insecure_host,
-    )]
-    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
-
     /// Check an index URL for existing files to skip duplicate uploads.
     ///
     /// This option allows retrying publishing that failed after only some, but not all files have

crates/uv-cli/src/options.rs

@@ -40,7 +40,6 @@ impl From<ResolverArgs> for PipOptions {
             upgrade_package,
             index_strategy,
             keyring_provider,
-            allow_insecure_host,
             resolution,
             prerelease,
             pre,
@@ -58,12 +57,6 @@ impl From<ResolverArgs> for PipOptions {
             upgrade_package: Some(upgrade_package),
             index_strategy,
             keyring_provider,
-            allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
-                allow_insecure_host
-                    .into_iter()
-                    .filter_map(Maybe::into_option)
-                    .collect()
-            }),
             resolution,
             prerelease: if pre {
                 Some(PrereleaseMode::Allow)
@@ -91,7 +84,6 @@ impl From<InstallerArgs> for PipOptions {
             reinstall_package,
             index_strategy,
             keyring_provider,
-            allow_insecure_host,
             config_setting,
             no_build_isolation,
             build_isolation,
@@ -107,12 +99,6 @@ impl From<InstallerArgs> for PipOptions {
             reinstall_package: Some(reinstall_package),
             index_strategy,
             keyring_provider,
-            allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
-                allow_insecure_host
-                    .into_iter()
-                    .filter_map(Maybe::into_option)
-                    .collect()
-            }),
             config_settings: config_setting
                 .map(|config_settings| config_settings.into_iter().collect::<ConfigSettings>()),
             no_build_isolation: flag(no_build_isolation, build_isolation),
@@ -137,7 +123,6 @@ impl From<ResolverInstallerArgs> for PipOptions {
             reinstall_package,
             index_strategy,
             keyring_provider,
-            allow_insecure_host,
             resolution,
             prerelease,
             pre,
@@ -159,12 +144,6 @@ impl From<ResolverInstallerArgs> for PipOptions {
             reinstall_package: Some(reinstall_package),
             index_strategy,
             keyring_provider,
-            allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
-                allow_insecure_host
-                    .into_iter()
-                    .filter_map(Maybe::into_option)
-                    .collect()
-            }),
             resolution,
             prerelease: if pre {
                 Some(PrereleaseMode::Allow)
@@ -235,7 +214,6 @@ pub fn resolver_options(
         upgrade_package,
         index_strategy,
         keyring_provider,
-        allow_insecure_host,
         resolution,
         prerelease,
         pre,
@@ -289,12 +267,6 @@ pub fn resolver_options(
         upgrade_package: Some(upgrade_package),
         index_strategy,
         keyring_provider,
-        allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
-            allow_insecure_host
-                .into_iter()
-                .filter_map(Maybe::into_option)
-                .collect()
-        }),
         resolution,
         prerelease: if pre {
             Some(PrereleaseMode::Allow)
@@ -331,7 +303,6 @@ pub fn resolver_installer_options(
         reinstall_package,
         index_strategy,
         keyring_provider,
-        allow_insecure_host,
         resolution,
         prerelease,
         pre,
@@ -397,12 +368,6 @@ pub fn resolver_installer_options(
         },
         index_strategy,
         keyring_provider,
-        allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
-            allow_insecure_host
-                .into_iter()
-                .filter_map(Maybe::into_option)
-                .collect()
-        }),
         resolution,
         prerelease: if pre {
             Some(PrereleaseMode::Allow)