Add dev tools button to whitelist insecure origin as secure for testing |
||
Issue descriptionAs discussed on Twitter the other day (https://twitter.com/rem/status/715817857238581248), it would be helpful to have a developer tools option to whitelist an origin to be treated as secure, even though it's insecure. This would effectively be a way to streamline the use of the command line flag --unsafely-treat-insecure-origin-as-secure="example.com". However, to make sure it maintains the security properties of that flag (namely, having a unique cookie jar), it would need to open a window in a new profile, just like --unsafely-treat-insecure-origin-as-secure requires the simultaneous use of --user-data-dir. I imagine the logical place to put this would be in the DevTools security panel.
,
Apr 6 2016
The cache separation (disk and local storage/idb) is the main motivation, not the cookie store. But yes, SG ;)
,
Apr 6 2016
Two strawmen: - Add a view below "Overview" titled "Testing" or "Settings". - Add something to each origin view. But how would "opening a window in a new profile" work? Can we enforce that the setting is temporary (only while DevTools is open)?
,
Jul 29 2016
I don't see how we could productize such a feature in an intuitive manner given that it requires separate cookie jar. It would need UI (actions configs) outside DevTools as well. Looks like --unsafely-treat-insecure-origin-as-secure is a viable workaround for now. |
||
►
Sign in to add a comment |
||
Comment 1 by jww@chromium.org
, Apr 6 2016