Issue metadata
Sign in to add a comment
|
This is not safe - is still really safe!
Reported by
nickmhut...@gmail.com,
Mar 7 2018
|
||||||||||||||||||||||||
Issue description
Chrome Version : Google Chrome 65.0.3325.106 (Official Build) beta (64-bit)
Revision 342c4a432d6ccd473ef0c1282e6adff217a4f61a-refs/branch-heads/3325@{#616}
URLs (if applicable) : *.*.dev (local development environment)
Other browsers tested:
Safari: n/a
Firefox: n/a
Edge: n/a
What steps will reproduce the problem?
(1) Have self signed cert for dev environment.
(2) Visit dev site (corporate environment)
(3) Get stuck on interstitial page with main error (NET::ERR_CERT_AUTHORITY_INVALID)
(4) Type 'badidea' or as the code now is : 'thisisnotsafe'
What is the expected result?
The warning to be bypassed.
What happens instead?
Absolutely nothing. (neither work)
I found in the source that the text has been replaced so that 'badidea' is no longer usable, but the new warning 'thisisnotsafe' doesn't seem to work either?!
This is my first bug report so apologies if something is off here.
,
Mar 7 2018
,
Mar 8 2018
This has actually been sneakily changed to thisisunsafe rather than thisisnotsafe. Check the commit here: https://chromium.googlesource.com/chromium/src/+/d8fc089b62cd4f8d907acff6fb3f5ff58f168697%5E%21/ window.atob('dGhpc2lzdW5zYWZl') results in "thisisunsafe"
,
Mar 8 2018
Those cheeky sausages!! Still means the code is 'wrong' though IMO
,
Mar 9 2018
Thanks for filing the issue. @Reporter: Could you please share a sample test file/URL which helps us in triaging the issue and also let us know on which OS you are facing this issue.
,
Mar 10 2018
@Viswa.karala - Please refer to comment 3-
The commit in question sets it to a string 'thisisnotsafe' and then immidiately afterwards sets the string to window.atob('dGhpc2lzdW5zYWZl') - which resolves to thisisunsafe.
This is misleading, and I'm inclined to believe deliberately so, (maybe to stop crawlers from finding it and putting it into the public eye.
When I tried to type 'thisisunsafe' it then started working as 'expected'.
Would be nice to know if elawrence@chromium.org did this deliberately or not though.
,
Mar 10 2018
actually - the reason I had issues is because. The diff view was not clear to me as I am colour blind!! (the red and green wasnt easy to discern!) The other reason I was confused is I thought the value was still 'badidea'!
,
Mar 10 2018
Please close >.<
,
Mar 10 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 12 2018
As per comment#8 closing this issue as wont-fix. Please feel free to open a new issue if you feel so. Thanks! |
|||||||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||||||
Comment 1 by csharrison@chromium.org
, Mar 7 2018