View certificate on mixed content site #8531

darkdh · 2017-04-27T18:15:28Z

fix #8530

Auditors: @diracdeltas

Test Plan:

Go to https://mixed-script.badssl.com/
We should be able to view certificate
Click load unsafe scripts
We should still have option to view certificate

Submitted a ticket for my issue if one did not already exist.
Used Github auto-closing keywords in the commit message.
Added/updated tests for this change (for new code or code which already has tests).
Ran git rebase -i to squash commits (if needed).

diracdeltas · 2017-04-27T22:06:47Z

lgtm!

diracdeltas · 2017-04-27T22:12:11Z

seems like there is a Travis test failure, not sure if intermittent: https://travis-ci.org/brave/browser-laptop/jobs/226508576#L5866

diracdeltas · 2017-04-27T22:33:48Z

I can't check this due to a muon error, but we should also show the Show certificate button on an HTTPS site with an invalid certificate. Ex: go to https://wrong.host.badssl.com/ and click through the warning, then click on the unlock icon.

darkdh · 2017-04-27T22:36:49Z

will add that.

darkdh · 2017-04-27T22:44:18Z

fixed in e842b4b
and also fix an error of getWebContents when you navigate to https://wrong.host.badssl.com/

An uncaught exception occurred in the main process Uncaught Exception:
TypeError: tabs.getWebContents is not a function
    at tabsReducer (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/app/browser/reducers/tabsReducer.js:136:26)
    at reducers.reduce (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/js/stores/appStore.js:365:24)
    at Array.reduce (native)
    at applyReducers (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/js/stores/appStore.js:363:51)
    at handleAppAction (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/js/stores/appStore.js:400:14)
    at callbacks.forEach (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/js/dispatcher/appDispatcher.js:84:7)
    at Array.forEach (native)
    at AppDispatcher.dispatchToOwnRegisteredCallbacks (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/js/dispatcher/appDispatcher.js:83:20)
    at AppDispatcher.dispatchInternal (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/js/dispatcher/appDispatcher.js:109:10)
    at AppDispatcher.dispatch (/Users/darkdh/Projects/browser-laptop-bootstrap/src/browser-laptop/js/dispatcher/appDispatcher.js:68:12)

diracdeltas · 2017-04-27T22:51:18Z

js/components/siteInfo.js

@@ -204,6 +206,7 @@ class SiteInfo extends ImmutableComponent {
      connectionInfo =
        <div className={css(styles.connectionInfo__wrapper)}>
          <div data-l10n-id='insecureConnectionInfo' />
+          {viewCertificateButton}


i think this should only appear if the site is actually HTTPS, otherwise clicking the button doesn't do anything.

darkdh · 2017-04-27T23:33:01Z

Use different description to separate certificate error and plain http

diracdeltas · 2017-04-27T23:36:41Z

this doesn't seem to clear the bad certificate state when you navigate from wrong.host.badssl.com to example.com:

for now, it might be simpler to just show the 'Show certificate' button whenever the URL's protocol is HTTPS. the special text for bad certificates is nice but not necessary. i think all the cases where we need the 'view certificate' button are covered by urlParse(this.location).protocol === 'https:'


        View certificate on mixed content site

@diracdeltas

fix #8530 Auditors: @diracdeltas Test Plan: 1. Go to https://mixed-script.badssl.com/ 2. We should be able to view certificate 3. Click load unsafe scripts 4. We should still have option to view certificate 1. Go to https://wrong.host.badssl.com/ 2. Click proceed to site 3. We should still have option to view certificate 4. Go to http://example.com/ 5. We shouldn't be able to view certificate

darkdh · 2017-04-27T23:52:14Z

@diracdeltas I think I sort the state out in 93d3b88

darkdh added the security label Apr 27, 2017

darkdh added this to the 0.15.1 milestone Apr 27, 2017

darkdh self-assigned this Apr 27, 2017

darkdh requested a review from diracdeltas Apr 27, 2017

darkdh force-pushed the 8530 branch from 026cd01 to e842b4b Apr 27, 2017

diracdeltas suggested changes Apr 27, 2017

View changes

darkdh force-pushed the 8530 branch from e842b4b to dbde7d0 Apr 27, 2017

darkdh force-pushed the 8530 branch from dbde7d0 to 93d3b88 Apr 27, 2017

diracdeltas approved these changes Apr 28, 2017

View changes

diracdeltas merged commit 754951e into master Apr 28, 2017
0 of 2 checks passed

0 of 2 checks passed

continuous-integration/appveyor/pr AppVeyor build failed
Details

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details

diracdeltas deleted the 8530 branch Apr 28, 2017

darkdh mentioned this pull request May 3, 2017

View Certificate on mixed content site #8530

Closed

brave / browser-laptop Archived

View certificate on mixed content site #8531

View certificate on mixed content site #8531

darkdh commented Apr 27, 2017 •

edited

diracdeltas commented Apr 27, 2017

diracdeltas commented Apr 27, 2017

diracdeltas commented Apr 27, 2017

darkdh commented Apr 27, 2017

darkdh commented Apr 27, 2017

This comment has been minimized.

darkdh commented Apr 27, 2017

diracdeltas commented Apr 27, 2017 •

edited

darkdh commented Apr 27, 2017

brave / browser-laptop Archived

Join GitHub today

View certificate on mixed content site #8531

View certificate on mixed content site #8531

Conversation

darkdh commented Apr 27, 2017 • edited

diracdeltas commented Apr 27, 2017

diracdeltas commented Apr 27, 2017

diracdeltas commented Apr 27, 2017

darkdh commented Apr 27, 2017

darkdh commented Apr 27, 2017

This comment has been minimized.

diracdeltas Apr 27, 2017

darkdh commented Apr 27, 2017

diracdeltas commented Apr 27, 2017 • edited

darkdh commented Apr 27, 2017

darkdh commented Apr 27, 2017 •

edited

diracdeltas commented Apr 27, 2017 •

edited