mixFetch

An easy way to secure parts or all of your web app is to replace calls to fetch (opens in a new tab) with mixFetch:

npm install @nymproject/mix-fetch

And then:

import { mixFetch } from '@nymproject/mix-fetch';
 
...
 
// HTTP GET
const response = await mixFetch('https://nymtech.net');
const html = await response.text();
 
...
 
// HTTP POST
const apiResponse = await mixFetch('https://api.example.com', {
  method: 'POST',
  body: JSON.stringify({ foo: 'bar' }),
  headers: { [`Content-Type`]: 'application/json', Authorization: `Bearer ${AUTH_TOKEN}` }
});

Sounds great, are there any catches? Well, there are a few (for now):

1. Currently, the operators of Network Requesters that make the final request at the egress part of the Nym Mixnet to the internet use a standard allow list (opens in a new tab) in combination with their own configuration. If you are trying to access something that is not on the allow list, you have two choices:

• run your own Network Requester and locally configure it to allow the hosts you need to connect to
• get in touch with us and give us more information about the sites you want included in the standard allow list

2. We periodically update the CA certificates in mixFetch so if you get a certificate error, we may not have the root CA certificate you need in our list. Send us a PR (opens in a new tab) if you need changes.

3. If you are using mixFetch in a web app with HTTPS you will need to use a gateway that has Secure Websockets to avoid getting a mixed content (opens in a new tab) error.