diff --git a/include/internal/cef_types.h b/include/internal/cef_types.h index a2a839c72..988e5a0ba 100644 --- a/include/internal/cef_types.h +++ b/include/internal/cef_types.h @@ -326,6 +326,15 @@ typedef struct _cef_settings_t { // switch. /// int context_safety_implementation; + + /// + // Set to true (1) to ignore errors related to invalid SSL certificates. + // Enabling this setting can lead to potential security vulnerabilities like + // "man in the middle" attacks. Applications that load content from the + // internet should not enable this setting. Also configurable using the + // "ignore-certificate-errors" command-line switch. + /// + bool ignore_certificate_errors; } cef_settings_t; /// diff --git a/include/internal/cef_types_wrappers.h b/include/internal/cef_types_wrappers.h index aeae20f78..410979c67 100644 --- a/include/internal/cef_types_wrappers.h +++ b/include/internal/cef_types_wrappers.h @@ -321,6 +321,7 @@ struct CefSettingsTraits { target->remote_debugging_port = src->remote_debugging_port; target->uncaught_exception_stack_size = src->uncaught_exception_stack_size; target->context_safety_implementation = src->context_safety_implementation; + target->ignore_certificate_errors = src->ignore_certificate_errors; } }; diff --git a/libcef/browser/browser_context.cc b/libcef/browser/browser_context.cc index 3dbc0e7a3..1712c9532 100644 --- a/libcef/browser/browser_context.cc +++ b/libcef/browser/browser_context.cc @@ -176,8 +176,6 @@ CefBrowserContext::CefBrowserContext() : use_osr_next_contents_view_(false) { // Initialize the request context getter. url_request_getter_ = new CefURLRequestContextGetter( - false, - GetPath(), BrowserThread::UnsafeGetMessageLoopForThread(BrowserThread::IO), BrowserThread::UnsafeGetMessageLoopForThread(BrowserThread::FILE)); } diff --git a/libcef/browser/url_request_context_getter.cc b/libcef/browser/url_request_context_getter.cc index 98c561938..605c0739c 100644 --- a/libcef/browser/url_request_context_getter.cc +++ b/libcef/browser/url_request_context_getter.cc @@ -28,6 +28,7 @@ #include "chrome/browser/net/proxy_service_factory.h" #include "chrome/browser/net/sqlite_persistent_cookie_store.h" #include "content/public/browser/browser_thread.h" +#include "content/public/common/content_switches.h" #include "net/base/cert_verifier.h" #include "net/base/default_server_bound_cert_store.h" #include "net/base/host_resolver.h" @@ -53,13 +54,9 @@ using content::BrowserThread; #endif CefURLRequestContextGetter::CefURLRequestContextGetter( - bool ignore_certificate_errors, - const FilePath& base_path, MessageLoop* io_loop, MessageLoop* file_loop) - : ignore_certificate_errors_(ignore_certificate_errors), - base_path_(base_path), - io_loop_(io_loop), + : io_loop_(io_loop), file_loop_(file_loop) { // Must first be created on the UI thread. CEF_REQUIRE_UIT(); @@ -155,7 +152,8 @@ net::URLRequestContext* CefURLRequestContextGetter::GetURLRequestContext() { network_session_params.http_server_properties = url_request_context_->http_server_properties(); network_session_params.ignore_certificate_errors = - ignore_certificate_errors_; + (settings.ignore_certificate_errors || + command_line.HasSwitch(switches::kIgnoreCertificateErrors)); net::HttpCache* main_cache = new net::HttpCache(network_session_params, main_backend); diff --git a/libcef/browser/url_request_context_getter.h b/libcef/browser/url_request_context_getter.h index 33e402801..f7d1a0661 100644 --- a/libcef/browser/url_request_context_getter.h +++ b/libcef/browser/url_request_context_getter.h @@ -72,8 +72,6 @@ class URLSecurityManager; class CefURLRequestContextGetter : public net::URLRequestContextGetter { public: CefURLRequestContextGetter( - bool ignore_certificate_errors, - const FilePath& base_path, MessageLoop* io_loop, MessageLoop* file_loop); virtual ~CefURLRequestContextGetter(); @@ -98,8 +96,6 @@ class CefURLRequestContextGetter : public net::URLRequestContextGetter { private: void CreateProxyConfigService(); - bool ignore_certificate_errors_; - FilePath base_path_; MessageLoop* io_loop_; MessageLoop* file_loop_;