From 65f97a60ad7ed0ce6863bc4d89dad0eae52f82db Mon Sep 17 00:00:00 2001 From: Marshall Greenblatt Date: Tue, 29 Oct 2019 11:36:26 -0400 Subject: [PATCH] Remove the enable-net-security-expiration option (see issue #2622) The implementation of this option was removed in commit 67b61c4. Certificate transparency is disabled by default for Chromium embedders. Details at: https://chromium.googlesource.com/chromium/src/+/master/net/docs/certificate-transparency.md#Supporting-Certificate-Transparency-for-Embedders --- include/internal/cef_types.h | 24 ------------------------ include/internal/cef_types_wrappers.h | 4 ---- libcef/browser/context.cc | 3 --- libcef/common/cef_switches.cc | 3 --- libcef/common/cef_switches.h | 1 - 5 files changed, 35 deletions(-) diff --git a/include/internal/cef_types.h b/include/internal/cef_types.h index 87abf8bd8..fedccafed 100644 --- a/include/internal/cef_types.h +++ b/include/internal/cef_types.h @@ -385,19 +385,6 @@ typedef struct _cef_settings_t { /// int ignore_certificate_errors; - /// - // Set to true (1) to enable date-based expiration of built in network - // security information (i.e. certificate transparency logs, HSTS preloading - // and pinning information). Enabling this option improves network security - // but may cause HTTPS load failures when using CEF binaries built more than - // 10 weeks in the past. See https://www.certificate-transparency.org/ and - // https://www.chromium.org/hsts for details. Also configurable using the - // "enable-net-security-expiration" command-line switch. Can be overridden for - // individual CefRequestContext instances via the - // CefRequestContextSettings.enable_net_security_expiration value. - /// - int enable_net_security_expiration; - /// // Background color used for the browser before a document is loaded and when // no document color is specified. The alpha component must be either fully @@ -479,17 +466,6 @@ typedef struct _cef_request_context_settings_t { /// int ignore_certificate_errors; - /// - // Set to true (1) to enable date-based expiration of built in network - // security information (i.e. certificate transparency logs, HSTS preloading - // and pinning information). Enabling this option improves network security - // but may cause HTTPS load failures when using CEF binaries built more than - // 10 weeks in the past. See https://www.certificate-transparency.org/ and - // https://www.chromium.org/hsts for details. Can be set globally using the - // CefSettings.enable_net_security_expiration value. - /// - int enable_net_security_expiration; - /// // Comma delimited ordered list of language codes without any whitespace that // will be used in the "Accept-Language" HTTP header. Can be set globally diff --git a/include/internal/cef_types_wrappers.h b/include/internal/cef_types_wrappers.h index c993dbe9a..e616b52c2 100644 --- a/include/internal/cef_types_wrappers.h +++ b/include/internal/cef_types_wrappers.h @@ -603,8 +603,6 @@ struct CefSettingsTraits { target->remote_debugging_port = src->remote_debugging_port; target->uncaught_exception_stack_size = src->uncaught_exception_stack_size; target->ignore_certificate_errors = src->ignore_certificate_errors; - target->enable_net_security_expiration = - src->enable_net_security_expiration; target->background_color = src->background_color; cef_string_set(src->accept_language_list.str, @@ -639,8 +637,6 @@ struct CefRequestContextSettingsTraits { target->persist_session_cookies = src->persist_session_cookies; target->persist_user_preferences = src->persist_user_preferences; target->ignore_certificate_errors = src->ignore_certificate_errors; - target->enable_net_security_expiration = - src->enable_net_security_expiration; cef_string_set(src->accept_language_list.str, src->accept_language_list.length, &target->accept_language_list, copy); diff --git a/libcef/browser/context.cc b/libcef/browser/context.cc index b24afc828..aadebf8b6 100644 --- a/libcef/browser/context.cc +++ b/libcef/browser/context.cc @@ -533,9 +533,6 @@ void CefContext::PopulateRequestContextSettings( settings->ignore_certificate_errors = settings_.ignore_certificate_errors || command_line->HasSwitch(switches::kIgnoreCertificateErrors); - settings->enable_net_security_expiration = - settings_.enable_net_security_expiration || - command_line->HasSwitch(switches::kEnableNetSecurityExpiration); CefString(&settings->accept_language_list) = CefString(&settings_.accept_language_list); } diff --git a/libcef/common/cef_switches.cc b/libcef/common/cef_switches.cc index 598cbeb8b..f1881f47a 100644 --- a/libcef/common/cef_switches.cc +++ b/libcef/common/cef_switches.cc @@ -113,9 +113,6 @@ const char kPluginPolicy_Block[] = "block"; // Expose preferences used only by unit tests. const char kEnablePreferenceTesting[] = "enable-preference-testing"; -// Enable date-based expiration of built in network security information. -const char kEnableNetSecurityExpiration[] = "enable-net-security-expiration"; - // Enable print preview. extern const char kEnablePrintPreview[] = "enable-print-preview"; diff --git a/libcef/common/cef_switches.h b/libcef/common/cef_switches.h index 8abafbfa9..3ace92b35 100644 --- a/libcef/common/cef_switches.h +++ b/libcef/common/cef_switches.h @@ -51,7 +51,6 @@ extern const char kPluginPolicy_Allow[]; extern const char kPluginPolicy_Detect[]; extern const char kPluginPolicy_Block[]; extern const char kEnablePreferenceTesting[]; -extern const char kEnableNetSecurityExpiration[]; extern const char kEnablePrintPreview[]; #if defined(OS_MACOSX)