Support for AutoSelectCertificateForUrls policy in headless mode
Reported by
philip.s...@gmail.com,
Jul 4
|
|||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36 Steps to reproduce the problem: 1. Start chrome in headless mode 2. Open web page, which authenticates the user by a TLS client certificate What is the expected behavior? Headless chrome should be able to load the page. What went wrong? The request fails with net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED Did this work before? No Chrome version: 67.0.3396.79 Channel: n/a OS Version: 4.6.2+ Flash Version: Headless chrome should be able to load web pages, which authenticate the user by client certificates. Maybe you could add support to configure the policy AutoSelectCertificateForUrls by a command line parameter.
,
Jul 6
skyostil@, please take a look at this. This is similar request to bug 698629 . Maybe there'd be value in providing a client certificate selection through whatever means headless consumers communicate with a headless running chrome (devtools? API?) Apart from not supporting policies in general as was discussed in bug 698629 , it seems that headless currently doesn't support client certificate selection at all ([1]). The logic we use in non-headless chrome can be seen in [2]. Basically, we check the policy first and fall back to a user selection through a UI popup second. [1] https://cs.chromium.org/chromium/src/headless/lib/browser/headless_content_browser_client.cc?rcl=ebf4a054df21917d2842089c1c82cda31cc26322&l=313 [2] https://cs.chromium.org/chromium/src/chrome/browser/chrome_content_browser_client.cc?rcl=ebf4a054df21917d2842089c1c82cda31cc26322&l=2686
,
Jul 6
,
Jul 9
Sounds like we'd need a few new DevTools commands to let the client handle the flow for ShowSSLClientCertificateSelector.
,
Aug 2
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by rsorokin@chromium.org
, Jul 6Labels: Enterprise-Triaged