Global certificate error handling via DevTools |
|||
Issue descriptionDevTools currently allows handling certificate errors for individual targets / WebContents (see bug 659662 ). However, when a new target is created (e.g. clicking on a target=_blank link), it is often not possible to send the Security.enable / Security.setOverrideCertificateErrors commands quickly enough before a navigation is attempted. We could solve this in two ways: (a) Make it possible to start any newly created targets in a "paused" state until a DevTools client connects to it and instructs it to continue loading. (b) Make it possible to override certificate errors globally on the browser target. It seems that (a) may be useful for other similar issues, but probably difficult to realize?
,
Dec 6 2017
,
Dec 6 2017
Working on an attempt at (b) here: https://crrev.com/c/811187.
,
Dec 6 2017
In general, I think 'inspection' would want to use (a), while automation would be interested in (b). We already see how (a) is necessary for OOPIFs. To recap,
(a) throttle the navigation of related targets in order to configure target for overrides, interceptions, virtual timing, emulation, security, etc.
(b) make Security, Emulation, Network domains work against browser target.
(c) Dima and I were also thinking of flattening the target control and doing
Runtime.evaluate({targetId, expression}) instead of Target.sendMessageToTarget. This seems to be doable on a browser level as sugar. Omitting the targetId would mean that it affects all the targets (Emulation.setDeviceMetricsOverride). This requires experimentation, but might result in a fairly convenient API.
There is natural dependency between (c) and the rest, so we'd like to explore it further before we make changes to domains such as Emulation and Network. Security seems to be easier with that regard, so you could land your patch, but I suspect that Emulation is the real deal breaker here. You don't want window.open to not intercept/throttle time/network.
,
Dec 6 2017
another brave idea would be (d) introduce a notion of target group that shares the state and contains related targets (page, its iframes, service workers, etc.). Instead of re-configuring each target within the group, entire group is being connected. That way inspection could control page similarly to automation, only emulate / intercept / throttle all targets in the group once.
,
Dec 8 2017
(d) sounds like a great idea and practical, but long time to implement? If (b) is faster, though it supports only the “automation” case, probably it is still a good idea. If you can get a solution out the door for the Certs problem, essentially you will have completely obviated the need for tools such as PhantomJS, and everyone knows how successful that one has been in its niche. Anyway “A for effort” to all you folks
,
Dec 20 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/790e30ff7ade211a00e051792d687330f90de789 commit 790e30ff7ade211a00e051792d687330f90de789 Author: Eric Seckler <eseckler@chromium.org> Date: Wed Dec 20 11:08:26 2017 devtools: Add setIgnoreCertificateErrors, also on browser target. All known clients use certificate error overrides to ignore all certificates, so we're planning to replace it with a simpler "ignore all cert errors" mode instead. This patch deprecates the old override command in favor of a new setIgnoreCertificateErrors command. It also exposes the Security domain on the browser target to facilitate applying this override globally for the whole browser. Bug: 721739 , 792468 Change-Id: I89bd929247877f43abac7c31a420d0756a8fdf89 Reviewed-on: https://chromium-review.googlesource.com/817443 Commit-Queue: Eric Seckler <eseckler@chromium.org> Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Cr-Commit-Position: refs/heads/master@{#525304} [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/browser/devtools/browser_devtools_agent_host.cc [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/browser/devtools/devtools_agent_host_impl.cc [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/browser/devtools/devtools_agent_host_impl.h [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/browser/devtools/protocol/devtools_protocol_browsertest.cc [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/browser/devtools/protocol/security_handler.cc [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/browser/devtools/protocol/security_handler.h [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/browser/ssl/ssl_manager.cc [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/content/public/browser/devtools_agent_host.h [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/third_party/WebKit/Source/core/inspector/browser_protocol.json [modify] https://crrev.com/790e30ff7ade211a00e051792d687330f90de789/third_party/WebKit/Source/core/inspector/browser_protocol.pdl
,
Jan 11 2018
Global ignore-all override exists now. |
|||
►
Sign in to add a comment |
|||
Comment 1 by eseckler@chromium.org
, Dec 6 2017