author | Kristóf Marussy <kristof@marussy.com> | 2022-03-14 17:59:22 +0100 |
---|---|---|
committer | Kristóf Marussy <kristof@marussy.com> | 2022-03-15 03:00:05 +0100 |
commit | d2213e7eba2ec8b478c879397dc0de64d293f367 (patch) | |
tree | 5e32ece325fa11f13117b2c9e5966d7142826af4 /packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts | |
parent | feat(renderer): Back and forward mouse buttons (diff) | |
feat: Temporary certificate acceptance backend
We use the 'certificate-error' event of webContents to detect
certificate verification errors and display a message to manually trust
the certificate.
Certificates are trusted per profile and only until Sophie is restarted.
We still need to build the associated UI, the current one is just a
rough prototype for debugging.
Signed-off-by: Kristóf Marussy <kristof@marussy.com>
Diffstat (limited to 'packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts')
-rw-r--r-- | packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts | 27 |
1 files changed, 27 insertions, 0 deletions
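--- a/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts
+++ b/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts
@@ -93,6 +93,33 @@ export default class ElectronServiceView implements ServiceView {
 },
 );
 
+/**
+* We use the `'certificate-error'` event instead of `session.setCertificateVerifyProc`
+* because:
+*
+* 1. `'certificate-error'` is bound to the `webContents`, so we can display the certificate
+* in the place of the correct service. Note that chromium still manages certificate trust
+* per session, so we can't have different trusted certificates for each service of a
+* profile.
+* 2. The results of `'certificate-error'` are _not_ cached, so we can initially reject
+* the certificate but we can still accept it once the user trusts it temporarily.
+*/
+webContents.on(
+'certificate-error',
+(event, url, error, certificate, callback, isMainFrame) => {
+if (service.isCertificateTemporarilyTrusted(certificate)) {
+event.preventDefault();
+callback(true);
+return;
+}
+if (isMainFrame) {
+setLocation(url);
+service.setCertificateError(error, certificate);
+}
+callback(false);
+},
+);
+
 webContents.on('page-title-updated', (_event, title) => {
 service.setTitle(title);
 });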
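Review bot: The trust check `service.isCertificateTemporarilyTrusted(certificate)` receives only the certificate, so neither `url` nor `error` can influence the decision. Once a certificate has been accepted, the handler answers `callback(true)` for it on any host loaded in that profile and for any verification failure, including a host name mismatch. Consider scoping the temporary exception to the host it was granted for, e.g. `if (service.isCertificateTemporarilyTrusted(new URL(url).host, certificate)) {`, with the host recorded next to the certificate when the user accepts it. How the certificate is compared is not visible here; it should match on the full fingerprint rather than on subject or issuer fields. The enclosing method starts and ends outside the hunk, so the acceptance path that stores the trusted certificate could not be checked.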