Closed Bug 1591927 Opened 2 months ago Closed Last month

Implement Security.setIgnoreCertificateErrors

Categories

(Remote Protocol :: Security, enhancement, P1)

enhancement

Tracking

(firefox72 fixed)

RESOLVED FIXED
Tracking Status
firefox72 --- fixed

People

(Reporter: ato, Assigned: ato)

References

(Blocks 2 open bugs, )

Details

(Whiteboard: [puppeteer-alpha])

Attachments

(1 file)

Allows insecure TLS certificates to be bypassed.

Assignee: nobody → ato
Blocks: 1549502
Status: NEW → ASSIGNED
Priority: -- → P1

This implements an all-or-nothing insecure sweeping override that
bypasses security exceptions when loading documents with invalid
or otherwise bad TLS certificates.

Whiteboard: [puppeteer-alpha]

This method is marked as deprecated in the CDP documentation, and also not listed as being used by Gutenberg (https://wiki.mozilla.org/Remote/GutenbergCDPUsage). Why does this block the alpha release?

Flags: needinfo?(ato)
No longer blocks: 1549502

(In reply to Henrik Skupin (:whimboo) [⌚️UTC+2] from comment #2)

This method is marked as deprecated in the CDP documentation,
and also not listed as being used by Gutenberg
(https://wiki.mozilla.org/Remote/GutenbergCDPUsage). Why does this
block the alpha release?

See https://phabricator.services.mozilla.com/D50838#1562109.

This was filed under the wrong name by me.

Blocks: 1593431
Flags: needinfo?(ato)
Summary: Implement Security.setOverrideCertificateErrors → Implement Security.setIgnoreCertificateErrors
Attachment #9104707 - Attachment description: bug 1591927: remote: implement Security.setOverrideCertificateErrors; → bug 1591927: remote: implement Security.setIgnoreCertificateErrors;
Pushed by atolfsen@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/24345627e6de
remote: implement Security.setIgnoreCertificateErrors; r=remote-protocol-reviewers,maja_zf
Status: ASSIGNED → RESOLVED
Closed: Last month
Resolution: --- → FIXED

(In reply to Andreas Tolfsen 「:ato」 from comment #3)

See https://phabricator.services.mozilla.com/D50838#1562109.

This was filed under the wrong name by me.

To be fair I cannot find any instance under the Gutenberg repository which sets the ignoreHTTPSErrors argument of the Puppeteer launcher to true. Which means also this method is never called when running Gutenberg tests.

As such given by our definition of the alpha release it shouldn't be a blocker which we track in the dashboard. Or why do you think otherwise?

Flags: needinfo?(ato)

I chatted with David about it and the puppeteer-alpha definition is a bit flurry. Basically we should work on real blocking issues but given that we are in the collecting phase we would like see nearly each and every bug to be covered in the dashboard.

Flags: needinfo?(ato)
You need to log in before you can comment on or make changes to this bug.