Closed Bug 1541842 Opened 5 years ago Closed 5 years ago

getSecurityInfo should be allowed inside the onBeforeSendHeaders listener

Categories

(WebExtensions :: Request Handling, defect)

Product:
WebExtensions
Component:
Request Handling
Version:
66 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1499592

People

(Reporter: opennota, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

Sometimes you want to see the server's TLS certificate BEFORE you send any potentially sensitive information to the connection. Currently you can't. The documentation for webRequest.getSecurityInfo states that "You can only call this function from inside the webRequest.onHeadersReceived listener." This is a way too late. You've already sent your cookies and what not to the man in the middle.

Actual results:

You can't use webRequest.getSecurityInfo inside a webRequest.onBeforeSendHeaders listener.

Expected results:

webRequest.getSecurityInfo should be allowed inside webRequest.onBeforeSendHeaders listeners.

Component: Untriaged → Request Handling
Product: Firefox → WebExtensions
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.