Open Bug 2002600 Opened 6 days ago Updated 6 days ago

Add support for SSL overrides in policy

Tracking

()

Status:

NEW

People

(Reporter: mkaply, Unassigned)

References

Details

Mike Kaply [:mkaply]

Reporter

Description

•

6 days ago

We should implement the SSLErrorOverrideAllowedForOrigins policy which is in Chrome and Firefox.

We've had this request before where people need to allow for self signed certificates, but they want to prevent people from overriding error pages.

Our workaround has been to copy cert_override.txt to user profiles.

Here's how I did this in the CCK

          if ("certs" in config) {
            if ("override" in config.certs) {
              for (var i=0; i < config.certs.override.length; i++) {
                var xhr = new XMLHttpRequest();
                try {
                  xhr.open("GET", "https://" + config.certs.override[i]);
                  xhr.channel.notificationCallbacks = SSLExceptions;
                  xhr.send(null);
                } catch (ex) {}
              }
            }

Mike Kaply [:mkaply]

Reporter

Comment 1

•

6 days ago

Just to be more specific here, the policy doesn't immediately override those domains, it just allows exceptions when the override is turned off for the whole browser.

So if we were to do something similar, we would need to add code where the security.certerror.hideAddException preference is read and ignore it for certain domains.

Mike Kaply [:mkaply]

Reporter

Updated

•

6 days ago

Duplicate of this bug: 1907360

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Add support for SSL overrides in policy

Categories

(Firefox :: Enterprise Policies, enhancement, P5)

Tracking

()

People

(Reporter: mkaply, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated