diff options
| author |  Kristóf Marussy <kristof@marussy.com> | 2022-03-14 17:59:22 +0100 |
|---|---|---|
| committer | Kristóf Marussy <kristof@marussy.com> | 2022-03-15 03:00:05 +0100 |
| commit | d2213e7eba2ec8b478c879397dc0de64d293f367 (patch) | |
| tree | 5e32ece325fa11f13117b2c9e5966d7142826af4 /packages/main/src/infrastructure/electron/impl | |
| parent | feat(renderer): Back and forward mouse buttons (diff) | |
| download | sophie-d2213e7eba2ec8b478c879397dc0de64d293f367.tar.gz sophie-d2213e7eba2ec8b478c879397dc0de64d293f367.tar.zst sophie-d2213e7eba2ec8b478c879397dc0de64d293f367.zip | |
feat: Temporary certificate acceptance backend
We use the 'certificate-error' event of webContents to detect
certificate verification errors and display a message to manually trust
the certificate.
Certificates are trusted per profile and only until Sophie is restarted.
We still need to build the associated UI, the current one is just a
rough prototype for debugging.
Signed-off-by: Kristóf Marussy <kristof@marussy.com>
Diffstat (limited to 'packages/main/src/infrastructure/electron/impl')
| -rw-r--r-- | packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts b/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts index d90ff19..edcf758 100644 --- a/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts +++ b/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts | |||
| @@ -93,6 +93,33 @@ export default class ElectronServiceView implements ServiceView { | |||
| 93 | }, | 93 | }, |
| 94 | ); | 94 | ); |
| 95 | 95 | ||
| 96 | /** | ||
| 97 | * We use the `'certificate-error'` event instead of `session.setCertificateVerifyProc` | ||
| 98 | * because: | ||
| 99 | * | ||
| 100 | * 1. `'certificate-error'` is bound to the `webContents`, so we can display the certificate | ||
| 101 | * in the place of the correct service. Note that chromium still manages certificate trust | ||
| 102 | * per session, so we can't have different trusted certificates for each service of a | ||
| 103 | * profile. | ||
| 104 | * 2. The results of `'certificate-error'` are _not_ cached, so we can initially reject | ||
| 105 | * the certificate but we can still accept it once the user trusts it temporarily. | ||
| 106 | */ | ||
| 107 | webContents.on( | ||
| 108 | 'certificate-error', | ||
| 109 | (event, url, error, certificate, callback, isMainFrame) => { | ||
| 110 | if (service.isCertificateTemporarilyTrusted(certificate)) { | ||
| 111 | event.preventDefault(); | ||
| 112 | callback(true); | ||
| 113 | return; | ||
| 114 | } | ||
| 115 | if (isMainFrame) { | ||
| 116 | setLocation(url); | ||
| 117 | service.setCertificateError(error, certificate); | ||
| 118 | } | ||
| 119 | callback(false); | ||
| 120 | }, | ||
| 121 | ); | ||
| 122 | |||
| 96 | webContents.on('page-title-updated', (_event, title) => { | 123 | webContents.on('page-title-updated', (_event, title) => { |
| 97 | service.setTitle(title); | 124 | service.setTitle(title); |
| 98 | }); | 125 | }); |