Remove ignore_certificate_errors setting (fixes issue #2899)

This removes CefSettings.ignore_certificate_errors and
CefBrowserSettings.ignore_certificate_errors. Due to NetworkService
requirements these values must now be configured globally via the
"ignore-certificate-errors" command-line flag.
This commit is contained in:
Marshall Greenblatt 2021-09-27 14:40:35 +03:00
parent f158c34a21
commit a7bbd8a62b
4 changed files with 4 additions and 30 deletions

View File

@ -42,13 +42,13 @@
// way that may cause binary incompatibility with other builds. The universal // way that may cause binary incompatibility with other builds. The universal
// hash value will change if any platform is affected whereas the platform hash // hash value will change if any platform is affected whereas the platform hash
// values will change only if that particular platform is affected. // values will change only if that particular platform is affected.
#define CEF_API_HASH_UNIVERSAL "e73c0d9d941ac8976074cdbe19e7e0b3acc2760e" #define CEF_API_HASH_UNIVERSAL "21ac25aebdb49a8e8088c6fbee802b04fd07b501"
#if defined(OS_WIN) #if defined(OS_WIN)
#define CEF_API_HASH_PLATFORM "89b87efd9b49e2a5c662445c054f199e751f1aaa" #define CEF_API_HASH_PLATFORM "1d81ccb5ba2f6d658abde2faeb490c8f7f6a60fe"
#elif defined(OS_MAC) #elif defined(OS_MAC)
#define CEF_API_HASH_PLATFORM "9c8b78a5a20443625c1e4be8e2ca106be3e741d7" #define CEF_API_HASH_PLATFORM "d6bd1ab64a160962ee0306625da5dd2a0cae8b31"
#elif defined(OS_LINUX) #elif defined(OS_LINUX)
#define CEF_API_HASH_PLATFORM "83056bb4a1d078cf7847a5d2ab10435e598e788d" #define CEF_API_HASH_PLATFORM "0b5227787444955a548b7544b2cdcda95a354506"
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus

View File

@ -390,17 +390,6 @@ typedef struct _cef_settings_t {
/// ///
int uncaught_exception_stack_size; int uncaught_exception_stack_size;
///
// Set to true (1) to ignore errors related to invalid SSL certificates.
// Enabling this setting can lead to potential security vulnerabilities like
// "man in the middle" attacks. Applications that load content from the
// internet should not enable this setting. Also configurable using the
// "ignore-certificate-errors" command-line switch. Can be overridden for
// individual CefRequestContext instances via the
// CefRequestContextSettings.ignore_certificate_errors value.
///
int ignore_certificate_errors;
/// ///
// Background color used for the browser before a document is loaded and when // Background color used for the browser before a document is loaded and when
// no document color is specified. The alpha component must be either fully // no document color is specified. The alpha component must be either fully
@ -486,16 +475,6 @@ typedef struct _cef_request_context_settings_t {
/// ///
int persist_user_preferences; int persist_user_preferences;
///
// Set to true (1) to ignore errors related to invalid SSL certificates.
// Enabling this setting can lead to potential security vulnerabilities like
// "man in the middle" attacks. Applications that load content from the
// internet should not enable this setting. Can be set globally using the
// CefSettings.ignore_certificate_errors value. This value will be ignored if
// |cache_path| matches the CefSettings.cache_path value.
///
int ignore_certificate_errors;
/// ///
// Comma delimited ordered list of language codes without any whitespace that // Comma delimited ordered list of language codes without any whitespace that
// will be used in the "Accept-Language" HTTP header. Can be set globally // will be used in the "Accept-Language" HTTP header. Can be set globally

View File

@ -594,7 +594,6 @@ struct CefSettingsTraits {
target->pack_loading_disabled = src->pack_loading_disabled; target->pack_loading_disabled = src->pack_loading_disabled;
target->remote_debugging_port = src->remote_debugging_port; target->remote_debugging_port = src->remote_debugging_port;
target->uncaught_exception_stack_size = src->uncaught_exception_stack_size; target->uncaught_exception_stack_size = src->uncaught_exception_stack_size;
target->ignore_certificate_errors = src->ignore_certificate_errors;
target->background_color = src->background_color; target->background_color = src->background_color;
cef_string_set(src->accept_language_list.str, cef_string_set(src->accept_language_list.str,
@ -636,7 +635,6 @@ struct CefRequestContextSettingsTraits {
&target->cache_path, copy); &target->cache_path, copy);
target->persist_session_cookies = src->persist_session_cookies; target->persist_session_cookies = src->persist_session_cookies;
target->persist_user_preferences = src->persist_user_preferences; target->persist_user_preferences = src->persist_user_preferences;
target->ignore_certificate_errors = src->ignore_certificate_errors;
cef_string_set(src->accept_language_list.str, cef_string_set(src->accept_language_list.str,
src->accept_language_list.length, src->accept_language_list.length,
&target->accept_language_list, copy); &target->accept_language_list, copy);

View File

@ -434,9 +434,6 @@ void CefContext::PopulateGlobalRequestContextSettings(
settings->persist_user_preferences = settings->persist_user_preferences =
settings_.persist_user_preferences || settings_.persist_user_preferences ||
command_line->HasSwitch(switches::kPersistUserPreferences); command_line->HasSwitch(switches::kPersistUserPreferences);
settings->ignore_certificate_errors =
settings_.ignore_certificate_errors ||
command_line->HasSwitch(switches::kIgnoreCertificateErrors);
CefString(&settings->cookieable_schemes_list) = CefString(&settings->cookieable_schemes_list) =
CefString(&settings_.cookieable_schemes_list); CefString(&settings_.cookieable_schemes_list);