Browser: allow temporary certificate trust#299797
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Enables a Chromium-like “proceed anyway” flow for TLS certificate errors in the integrated browser (Simple Browser tab), with temporary trust scoped to a browser session (hostname + certificate fingerprint) and expiring after 1 week.
Changes:
- Adds main-process session trust tracking/persistence (
BrowserSessionTrust) and exposes certificate-error state via navigation/state payloads. - Updates the integrated browser UI to show a certificate error page with “Proceed anyway (unsafe)” and a URL-bar site-info indicator with revoke support.
- Adds electron-main unit tests covering trust persistence, expiration, and clearing behavior.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| src/vs/workbench/contrib/browserView/electron-browser/siteInfoWidget.ts | New URL-bar indicator widget + hover UI for cert trust status and revoke action. |
| src/vs/workbench/contrib/browserView/electron-browser/media/browser.css | Styles for site-info indicator, URL display mode, and certificate error page UI. |
| src/vs/workbench/contrib/browserView/electron-browser/browserEditor.ts | Adds cert-error UX (error page proceed link, URL-bar display mode, site-info widget hookup). |
| src/vs/workbench/contrib/browserView/common/browserView.ts | Extends workbench model to track certificateError and proxy trust/untrust calls. |
| src/vs/platform/browserView/test/electron-main/browserSessionTrust.test.ts | New unit tests for trust persistence/expiration and cert-error handling. |
| src/vs/platform/browserView/electron-main/browserViewMainService.ts | Wires application storage into browser sessions; exposes trust/untrust operations; clears via clearData(). |
| src/vs/platform/browserView/electron-main/browserView.ts | Plumbs certificateError into events/state; reload on trust; close on untrust; installs cert-error handler. |
| src/vs/platform/browserView/electron-main/browserSessionTrust.ts | Implements hostname+fingerprint trust store with 1-week TTL and persisted storage. |
| src/vs/platform/browserView/electron-main/browserSession.ts | Refactors session registry/lifetime management; adds trust + clearData() and storage connection. |
| src/vs/platform/browserView/common/browserView.ts | Adds API types for IBrowserViewCertificateError + trust/untrust methods and state fields. |
src/vs/platform/browserView/electron-main/browserSessionTrust.ts
Outdated
Show resolved
Hide resolved
src/vs/workbench/contrib/browserView/electron-browser/siteInfoWidget.ts
Outdated
Show resolved
Hide resolved
Contributor
📬 CODENOTIFYThe following users are being notified based on files changed in this PR: @jrualesMatched files:
|
lramos15
approved these changes
Mar 17, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #298982
Same as Chromium, trust is based on hostname+fingerprint and valid for 1 week.
Trust is per-session, persisted in storage, and gets cleared with session data.