From 511adffc5bb419a938e3b1eb0087a49f62d76db6 Mon Sep 17 00:00:00 2001 From: MHSanaei Date: Wed, 11 Feb 2026 18:18:05 +0100 Subject: [PATCH] Remove allowInsecure Remove the deprecated `allowInsecure` --- sub/subJsonService.go | 3 --- sub/subService.go | 26 ++++---------------------- web/assets/js/model/inbound.js | 18 +----------------- web/assets/js/model/outbound.js | 12 +++--------- web/html/form/outbound.html | 14 +++++++------- web/html/form/tls_settings.html | 3 --- 6 files changed, 15 insertions(+), 61 deletions(-) diff --git a/sub/subJsonService.go b/sub/subJsonService.go index 8222491a..72c5c6f1 100644 --- a/sub/subJsonService.go +++ b/sub/subJsonService.go @@ -253,9 +253,6 @@ func (s *SubJsonService) tlsData(tData map[string]any) map[string]any { tlsData["serverName"] = tData["serverName"] tlsData["alpn"] = tData["alpn"] - if allowInsecure, ok := tlsClientSettings["allowInsecure"].(bool); ok { - tlsData["allowInsecure"] = allowInsecure - } if fingerprint, ok := tlsClientSettings["fingerprint"].(string); ok { tlsData["fingerprint"] = fingerprint } diff --git a/sub/subService.go b/sub/subService.go index e046ebb4..818f193b 100644 --- a/sub/subService.go +++ b/sub/subService.go @@ -270,9 +270,6 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string { if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok { obj["fp"], _ = fpValue.(string) } - if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok { - obj["allowInsecure"], _ = insecure.(bool) - } } } @@ -296,7 +293,7 @@ func (s *SubService) genVmessLink(inbound *model.Inbound, email string) string { newSecurity, _ := ep["forceTls"].(string) newObj := map[string]any{} for key, value := range obj { - if !(newSecurity == "none" && (key == "alpn" || key == "sni" || key == "fp" || key == "allowInsecure")) { + if !(newSecurity == "none" && (key == "alpn" || key == "sni" || key == "fp")) { newObj[key] = value } } @@ -431,11 +428,6 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string { if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok { params["fp"], _ = fpValue.(string) } - if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok { - if insecure.(bool) { - params["allowInsecure"] = "1" - } - } } if streamNetwork == "tcp" && len(clients[clientIndex].Flow) > 0 { @@ -501,7 +493,7 @@ func (s *SubService) genVlessLink(inbound *model.Inbound, email string) string { q := url.Query() for k, v := range params { - if !(newSecurity == "none" && (k == "alpn" || k == "sni" || k == "fp" || k == "allowInsecure")) { + if !(newSecurity == "none" && (k == "alpn" || k == "sni" || k == "fp")) { q.Add(k, v) } } @@ -632,11 +624,6 @@ func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok { params["fp"], _ = fpValue.(string) } - if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok { - if insecure.(bool) { - params["allowInsecure"] = "1" - } - } } } @@ -698,7 +685,7 @@ func (s *SubService) genTrojanLink(inbound *model.Inbound, email string) string q := url.Query() for k, v := range params { - if !(newSecurity == "none" && (k == "alpn" || k == "sni" || k == "fp" || k == "allowInsecure")) { + if !(newSecurity == "none" && (k == "alpn" || k == "sni" || k == "fp")) { q.Add(k, v) } } @@ -837,11 +824,6 @@ func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) st if fpValue, ok := searchKey(tlsSettings, "fingerprint"); ok { params["fp"], _ = fpValue.(string) } - if insecure, ok := searchKey(tlsSettings, "allowInsecure"); ok { - if insecure.(bool) { - params["allowInsecure"] = "1" - } - } } } @@ -870,7 +852,7 @@ func (s *SubService) genShadowsocksLink(inbound *model.Inbound, email string) st q := url.Query() for k, v := range params { - if !(newSecurity == "none" && (k == "alpn" || k == "sni" || k == "fp" || k == "allowInsecure")) { + if !(newSecurity == "none" && (k == "alpn" || k == "sni" || k == "fp")) { q.Add(k, v) } } diff --git a/web/assets/js/model/inbound.js b/web/assets/js/model/inbound.js index 9bc93c30..b6059cf7 100644 --- a/web/assets/js/model/inbound.js +++ b/web/assets/js/model/inbound.js @@ -635,7 +635,7 @@ class TlsStreamSettings extends XrayCommonClass { } if (!ObjectUtil.isEmpty(json.settings)) { - settings = new TlsStreamSettings.Settings(json.settings.allowInsecure, json.settings.fingerprint, json.settings.echConfigList); + settings = new TlsStreamSettings.Settings(json.settings.fingerprint, json.settings.echConfigList); } return new TlsStreamSettings( json.serverName, @@ -738,25 +738,21 @@ TlsStreamSettings.Cert = class extends XrayCommonClass { TlsStreamSettings.Settings = class extends XrayCommonClass { constructor( - allowInsecure = false, fingerprint = UTLS_FINGERPRINT.UTLS_CHROME, echConfigList = '', ) { super(); - this.allowInsecure = allowInsecure; this.fingerprint = fingerprint; this.echConfigList = echConfigList; } static fromJson(json = {}) { return new TlsStreamSettings.Settings( - json.allowInsecure, json.fingerprint, json.echConfigList, ); } toJson() { return { - allowInsecure: this.allowInsecure, fingerprint: this.fingerprint, echConfigList: this.echConfigList }; @@ -1417,9 +1413,6 @@ class Inbound extends XrayCommonClass { if (this.stream.tls.alpn.length > 0) { obj.alpn = this.stream.tls.alpn.join(','); } - if (this.stream.tls.settings.allowInsecure) { - obj.allowInsecure = this.stream.tls.settings.allowInsecure; - } } return 'vmess://' + Base64.encode(JSON.stringify(obj, null, 2)); @@ -1480,9 +1473,6 @@ class Inbound extends XrayCommonClass { if (this.stream.isTls) { params.set("fp", this.stream.tls.settings.fingerprint); params.set("alpn", this.stream.tls.alpn); - if (this.stream.tls.settings.allowInsecure) { - params.set("allowInsecure", "1"); - } if (!ObjectUtil.isEmpty(this.stream.tls.sni)) { params.set("sni", this.stream.tls.sni); } @@ -1583,9 +1573,6 @@ class Inbound extends XrayCommonClass { if (this.stream.isTls) { params.set("fp", this.stream.tls.settings.fingerprint); params.set("alpn", this.stream.tls.alpn); - if (this.stream.tls.settings.allowInsecure) { - params.set("allowInsecure", "1"); - } if (this.stream.tls.settings.echConfigList?.length > 0) { params.set("ech", this.stream.tls.settings.echConfigList); } @@ -1662,9 +1649,6 @@ class Inbound extends XrayCommonClass { if (this.stream.isTls) { params.set("fp", this.stream.tls.settings.fingerprint); params.set("alpn", this.stream.tls.alpn); - if (this.stream.tls.settings.allowInsecure) { - params.set("allowInsecure", "1"); - } if (this.stream.tls.settings.echConfigList?.length > 0) { params.set("ech", this.stream.tls.settings.echConfigList); } diff --git a/web/assets/js/model/outbound.js b/web/assets/js/model/outbound.js index fc110b4e..56606231 100644 --- a/web/assets/js/model/outbound.js +++ b/web/assets/js/model/outbound.js @@ -345,16 +345,14 @@ class TlsStreamSettings extends CommonClass { serverName = '', alpn = [], fingerprint = '', - allowInsecure = false, echConfigList = '', - verifyPeerCertByName = 'cloudflare-dns.com', + verifyPeerCertByName = '', pinnedPeerCertSha256 = '', ) { super(); this.serverName = serverName; this.alpn = alpn; this.fingerprint = fingerprint; - this.allowInsecure = allowInsecure; this.echConfigList = echConfigList; this.verifyPeerCertByName = verifyPeerCertByName; this.pinnedPeerCertSha256 = pinnedPeerCertSha256; @@ -365,7 +363,6 @@ class TlsStreamSettings extends CommonClass { json.serverName, json.alpn, json.fingerprint, - json.allowInsecure, json.echConfigList, json.verifyPeerCertByName, json.pinnedPeerCertSha256, @@ -377,7 +374,6 @@ class TlsStreamSettings extends CommonClass { serverName: this.serverName, alpn: this.alpn, fingerprint: this.fingerprint, - allowInsecure: this.allowInsecure, echConfigList: this.echConfigList, verifyPeerCertByName: this.verifyPeerCertByName, pinnedPeerCertSha256: this.pinnedPeerCertSha256 @@ -936,8 +932,7 @@ class Outbound extends CommonClass { stream.tls = new TlsStreamSettings( json.sni, json.alpn ? json.alpn.split(',') : [], - json.fp, - json.allowInsecure); + json.fp); } const port = json.port * 1; @@ -978,10 +973,9 @@ class Outbound extends CommonClass { if (security == 'tls') { let fp = url.searchParams.get('fp') ?? 'none'; let alpn = url.searchParams.get('alpn'); - let allowInsecure = url.searchParams.get('allowInsecure'); let sni = url.searchParams.get('sni') ?? ''; let ech = url.searchParams.get('ech') ?? ''; - stream.tls = new TlsStreamSettings(sni, alpn ? alpn.split(',') : [], fp, allowInsecure == 1, ech); + stream.tls = new TlsStreamSettings(sni, alpn ? alpn.split(',') : [], fp, ech); } if (security == 'reality') { diff --git a/web/html/form/outbound.html b/web/html/form/outbound.html index 4df095d4..a2de920a 100644 --- a/web/html/form/outbound.html +++ b/web/html/form/outbound.html @@ -700,14 +700,12 @@ - - - + v-model.trim="outbound.stream.tls.verifyPeerCertByName" + placeholder="cloudflare-dns.com"> - + @@ -772,7 +770,8 @@ - + @@ -799,7 +798,8 @@