Feature request: allow to access SSL certificate data before request goes through in headless Chrome
Reported by olegdash...@gmail.com, Nov 5
Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36

Steps to reproduce the problem:
Currently it's possible to access SSL certificate data AFTER the request has been made (see the attached file or https://gist.github.com/be9/23101bcd95c289dcb7b0c3ae0eb49525). Here a DER-encoded certificate is obtained for www.chase.com.

What is the expected behavior?
An ability to access certificate data (e.g. its fingerprint) BEFORE the request data gets sent is very desirable. It would allow pinning SSL certificates, completely preventing MitM attacks.

What went wrong?
Nothing, it's a feature request.

Did this work before? No

Does this work in other browsers? N/A

Chrome version: 71.0.3563.0 Channel: dev
OS Version: OS X 10.14.0
Flash Version:
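The check the request describes (compare a certificate fingerprint before any request data is sent) can be done outside the browser. The following is an added example, not code from the issue, the linked gist or Chromium: in Node.js, `checkServerIdentity` runs during the TLS handshake, so a pin mismatch fails the connection before the HTTP request is written. The names `derFingerprint`, `checkPin` and `pinnedAgent` are hypothetical.

```javascript
const crypto = require('crypto');
const tls = require('tls');
const https = require('https');

// SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex.
function derFingerprint(der) {
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Accept pins written as "AA:BB:..." or "aabb..." and normalise to bare hex.
function normalisePin(pin) {
  return String(pin).replace(/[:\s]/g, '').toLowerCase();
}

// Returns undefined when the leaf certificate matches one of the pins,
// otherwise an Error (the contract Node expects from checkServerIdentity).
function checkPin(cert, pins) {
  if (!cert || !Buffer.isBuffer(cert.raw) || cert.raw.length === 0) {
    return new Error('pin check: no DER certificate available');
  }
  const actualHex = derFingerprint(cert.raw);
  const actual = Buffer.from(actualHex, 'hex');
  for (const pin of pins) {
    const expected = Buffer.from(normalisePin(pin), 'hex');
    // Malformed or truncated pins decode to a different length and never match.
    if (expected.length === actual.length &&
        crypto.timingSafeEqual(expected, actual)) {
      return undefined;
    }
  }
  return new Error('pin check: leaf fingerprint ' + actualHex + ' is not pinned');
}

// https.Agent that keeps the normal hostname check and adds the pin check.
// Node does not call checkServerIdentity on resumed TLS sessions, so session
// caching is disabled to force a full handshake (and a pin check) every time.
function pinnedAgent(pins) {
  return new https.Agent({
    maxCachedSessions: 0,
    checkServerIdentity(hostname, cert) {
      return tls.checkServerIdentity(hostname, cert) || checkPin(cert, pins);
    },
  });
}

// Usage (host and pin are placeholders):
//   https.get('https://host.example/', { agent: pinnedAgent(['<sha256 hex>']) });
```

Pinning the leaf certificate means the pin list must be updated whenever the server rotates its certificate.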
Nov 5
Pretty sure this is a WontFix/WorkingAsIntended. I don't believe there's any plan to support this for the Chrome case, and support for pinning-like features is intentionally removed. Deferring to Headless triagers, but otherwise I'll close this out.
Comment 1 by dtapu...@chromium.org, Nov 5