1 files changed, 27 insertions, 0 deletions
diff --git a/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts b/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts
index d90ff19..edcf758 100644
--- a/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts
+++ b/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts
@@ -93,6 +93,33 @@ export default class ElectronServiceView implements ServiceView {
      },
    );
+    /**
+     * We use the `'certificate-error'` event instead of `session.setCertificateVerifyProc`
+     * because:
+     *
+     * 1. `'certificate-error'` is bound to the `webContents`, so we can display the certificate
+     *    in the place of the correct service. Note that chromium still manages certificate trust
+     *    per session, so we can't have different trusted certificates for each service of a
+     *    profile.
+     * 2. The results of `'certificate-error'` are _not_ cached, so we can initially reject
+     *    the certificate but we can still accept it once the user trusts it temporarily.
+     */
+    webContents.on(
+      'certificate-error',
+      (event, url, error, certificate, callback, isMainFrame) => {
+        if (service.isCertificateTemporarilyTrusted(certificate)) {
+          event.preventDefault();
+          callback(true);
+          return;
+        }
+        if (isMainFrame) {
+          setLocation(url);
+          service.setCertificateError(error, certificate);
+        }
+        callback(false);
+      },
+    );
    webContents.on('page-title-updated', (_event, title) => {
      service.setTitle(title);
    });

diff --git a/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts b/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts index d90ff19..edcf758 100644 --- a/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts +++ b/packages/main/src/infrastructure/electron/impl/ElectronServiceView.ts
@@ -93,6 +93,33 @@ export default class ElectronServiceView implements ServiceView {
93	},	93	},
94	);	94	);
95		95
		96	/**
		97	* We use the `'certificate-error'` event instead of `session.setCertificateVerifyProc`
		98	* because:
		99	*
		100	* 1. `'certificate-error'` is bound to the `webContents`, so we can display the certificate
		101	* in the place of the correct service. Note that chromium still manages certificate trust
		102	* per session, so we can't have different trusted certificates for each service of a
		103	* profile.
		104	* 2. The results of `'certificate-error'` are _not_ cached, so we can initially reject
		105	* the certificate but we can still accept it once the user trusts it temporarily.
		106	*/
		107	webContents.on(
		108	'certificate-error',
		109	(event, url, error, certificate, callback, isMainFrame) => {
		110	if (service.isCertificateTemporarilyTrusted(certificate)) {
		111	event.preventDefault();
		112	callback(true);
		113	return;
		114	}
		115	if (isMainFrame) {
		116	setLocation(url);
		117	service.setCertificateError(error, certificate);
		118	}
		119	callback(false);
		120	},
		121	);
		122
96	webContents.on('page-title-updated', (_event, title) => {	123	webContents.on('page-title-updated', (_event, title) => {
97	service.setTitle(title);	124	service.setTitle(title);
98	});	125	});