[Webkit-unassigned] [Bug 204736] [GTK] Allows visiting webpages that use HSTS despite certificate verification failure?
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Dec 17 07:11:06 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=204736
--- Comment #13 from Michael Catanzaro <mcatanzaro at gnome.org> ---
(In reply to Claudio Saavedra from comment #10)
> Sure, makes sense. What would the API look like though?
Strawman proposal: WebKitWebView::load-failed-with-hsts-error. It would function the same as WebKitWebView::load-failed-with-tls-errors, except we document that calling webkit_web_context_allow_tls_certificate_for_host() will not allow the load to succeed, in contrast to WebKitWebView::load-failed-with-tls-errors. If FALSE is returned (default), then WebKitWebView::load-failed would get called with a network error. (WebKitWebView::load-failed-with-tls-errors would not be called, because that would trick older applications into thinking they can ignore the error.)
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191217/633323c7/attachment.htm>
More information about the webkit-unassigned
mailing list