Setting validateHttpsCertificates to false is likely insecure #486

@stretchkennedy

The problem

Hello! I've been looking through the code to try to evaluate it for use, and I noticed that validateHttpsCertificates is set to false when fetching a calendar. This likely opens the script up to MITM attacks.

I get that syncing calendars is usually not security critical and it's hard to MITM Google's data centres without a domain takeover or something. That said, it would be more secure to default to checking HTTPS certs and allow users to disable it if they need.

I may also be missing something about the requirements here.

Version of GAS-ICS-Sync

master/5.8

Additional information & file uploads

No response
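
Added example, not part of the issue text and not GAS-ICS-Sync's code: one way to default to certificate validation and let users opt out per host, as the report suggests. `validateHttpsCertificates` is a real `UrlFetchApp.fetch` option; the helper names, the exception list and the host name in it are hypothetical.

```javascript
// Added example: hypothetical helpers, not GAS-ICS-Sync code.
// Hosts where the user has explicitly accepted unvalidated TLS (constructed sample).
const INSECURE_HOST_EXCEPTIONS = ["calendar.internal.example"];

// Extract the lowercase host of an https:// URL, or null for anything else.
// Userinfo ("user:pass@") is skipped so it cannot be mistaken for the host.
function httpsHost(url) {
  const m = /^https:\/\/(?:[^\/?#@]*@)?([^\/:?#]+)/i.exec(String(url).trim());
  return m ? m[1].toLowerCase() : null;
}

// Build UrlFetchApp options: validation is on unless the host is an exact,
// user-listed exception. Anything unparseable keeps validation on.
function fetchOptionsFor(url, insecureHosts) {
  const host = httpsHost(url);
  const exceptions = (insecureHosts || []).map((h) => String(h).toLowerCase());
  const optedOut = host !== null && exceptions.includes(host);
  return { validateHttpsCertificates: !optedOut };
}

// fetcher is UrlFetchApp in Apps Script; it is a parameter so the logic
// can be exercised outside Apps Script with a stub.
function fetchCalendar(url, insecureHosts, fetcher) {
  const options = fetchOptionsFor(url, insecureHosts);
  if (!options.validateHttpsCertificates) {
    console.warn("TLS certificate validation disabled for " + httpsHost(url));
  }
  return fetcher.fetch(url, options);
}
```

In Apps Script the call would be `fetchCalendar(url, INSECURE_HOST_EXCEPTIONS, UrlFetchApp)`; an empty exception list keeps validation on for every source.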
