From 718083a689c4102e13dbff19a6fffd30ea14520f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 12 Apr 2026 12:04:27 +0000
Subject: [PATCH 1/4] Initial plan


From 28ffbcd8897ab637da5e20ee12a06066b4e6d4ad Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 12 Apr 2026 12:07:00 +0000
Subject: [PATCH 2/4] feat: add rejectUnauthorized to RequestOptions interface

Move rejectUnauthorized from the private UrllibRequestOptions interface
to the public RequestOptions type, making it available to all users of
the library without needing to create a custom HttpClient.

Agent-Logs-Url: https://github.com/node-modules/urllib/sessions/a83a8fb1-4491-44da-aa68-7bf7d05a4ad4

Co-authored-by: fengmk2 <156269+fengmk2@users.noreply.github.com>
---
 src/Request.ts | 6 ++++++
 src/index.ts   | 6 ------
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Request.ts b/src/Request.ts
index 0d91a8d6..66c20da8 100644
--- a/src/Request.ts
+++ b/src/Request.ts
@@ -161,6 +161,12 @@ export type RequestOptions = {
   /** Default: `64 KiB` */
   highWaterMark?: number;
   signal?: AbortSignal | EventEmitter;
+  /**
+   * If `true`, the server certificate is verified against the list of supplied CAs.
+   * An 'error' event is emitted if verification fails.
+   * Default: `true`
+   */
+  rejectUnauthorized?: boolean;
 };
 
 export type RequestMeta = {
diff --git a/src/index.ts b/src/index.ts
index 525679bb..b94e70d5 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -50,12 +50,6 @@ export function getDefaultHttpClient(rejectUnauthorized?: boolean, allowH2?: boo
 }
 
 interface UrllibRequestOptions extends RequestOptions {
-  /**
-   * If `true`, the server certificate is verified against the list of supplied CAs.
-   * An 'error' event is emitted if verification fails.
-   * Default: `true`
-   */
-  rejectUnauthorized?: boolean;
   /** Allow to use HTTP2 first. Default is `false` */
   allowH2?: boolean;
 }

From 701a8e07a781ab9e5a1af3521774169e7c0e0642 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 16 Apr 2026 11:49:06 +0000
Subject: [PATCH 3/4] test: add type check unit test for rejectUnauthorized on
 RequestOptions

Agent-Logs-Url: https://github.com/node-modules/urllib/sessions/2e15ca49-d44d-4289-a8a5-330ea939ca53

Co-authored-by: fengmk2 <156269+fengmk2@users.noreply.github.com>
---
 ...tions.rejectUnauthorized.typecheck.test.ts | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 test/options.rejectUnauthorized.typecheck.test.ts

diff --git a/test/options.rejectUnauthorized.typecheck.test.ts b/test/options.rejectUnauthorized.typecheck.test.ts
new file mode 100644
index 00000000..15618c95
--- /dev/null
+++ b/test/options.rejectUnauthorized.typecheck.test.ts
@@ -0,0 +1,48 @@
+import { strict as assert } from 'node:assert';
+
+import { describe, it, beforeAll, afterAll } from 'vite-plus/test';
+
+import urllib from '../src/index.js';
+import type { RequestOptions } from '../src/index.js';
+import { startServer } from './fixtures/server.js';
+
+describe('options.rejectUnauthorized.typecheck.test.ts', () => {
+  let close: any;
+  let _url: string;
+  beforeAll(async () => {
+    const { closeServer, url } = await startServer({ https: true });
+    close = closeServer;
+    _url = url;
+  });
+
+  afterAll(async () => {
+    await close();
+  });
+
+  it('should accept rejectUnauthorized on RequestOptions type', async () => {
+    // Type check: rejectUnauthorized should be assignable on RequestOptions
+    const options: RequestOptions = {
+      rejectUnauthorized: false,
+      dataType: 'json',
+    };
+    const response = await urllib.request(_url, options);
+    assert.equal(response.status, 200);
+    assert.equal(response.data.method, 'GET');
+  });
+
+  it('should accept rejectUnauthorized = true on RequestOptions type', async () => {
+    const options: RequestOptions = {
+      rejectUnauthorized: true,
+      dataType: 'json',
+    };
+    await assert.rejects(
+      async () => {
+        await urllib.request(_url, options);
+      },
+      (err: any) => {
+        assert.match(err.message, /signed certificate/);
+        return true;
+      },
+    );
+  });
+});

From bca3315f3f5036a7c8334ede8f864a3b4c217fdc Mon Sep 17 00:00:00 2001
From: "MK (fengmk2)" <fengmk2@gmail.com>
Date: Thu, 16 Apr 2026 22:33:43 +0800
Subject: [PATCH 4/4] Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: MK (fengmk2) <fengmk2@gmail.com>
---
 src/Request.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/Request.ts b/src/Request.ts
index 66c20da8..4e008a50 100644
--- a/src/Request.ts
+++ b/src/Request.ts
@@ -163,7 +163,12 @@ export type RequestOptions = {
   signal?: AbortSignal | EventEmitter;
   /**
    * If `true`, the server certificate is verified against the list of supplied CAs.
-   * An 'error' event is emitted if verification fails.
+   * If verification fails, the request promise is rejected.
+   *
+   * This option is only effective when using the top-level request/curl wrapper with
+   * its default dispatcher. It may be ignored when using `HttpClient.request()`
+   * directly or when `dispatcher` is explicitly provided.
+   *
    * Default: `true`
    */
   rejectUnauthorized?: boolean;