Differential D12522

prevent ssl error dialog by website domain
ClosedPublic
Actions

Authored by anmolgautam on Apr 25 2018, 5:31 PM.

Details

Reviewers
drosca
Group Reviewers
Falkon
Commits
R875:61beda4fa220: prevent ssl error dialog by website domain
Summary

BUG: 393162

Diff Detail

Repository
R875 Falkon
Branch
BUG393162
Lint
No Linters Available
Unit
No Unit Test Coverage
anmolgautam created this revision.Apr 25 2018, 5:31 PM
Restricted Application added a project: Falkon. · View Herald TranscriptApr 25 2018, 5:31 PM
Restricted Application added a subscriber: falkon. · View Herald Transcript
anmolgautam requested review of this revision.Apr 25 2018, 5:31 PM
anmolgautam edited the summary of this revision. (Show Details)Apr 25 2018, 5:39 PM
anmolgautam added a reviewer: Falkon.
drosca requested changes to this revision.EditedApr 25 2018, 5:44 PM

This is wrong, it would accept all certificate errors triggered by one page, regardless of what error it is - it may even be error with completely different certificate, from different resource on page. If anything, this should only be offered to reject all certificate errors from one page, but even then it doesn't really make sense.

What should be done to fix that bug is to offer NoForThisSession similar to OnlyForThisSession with same logic. Even this logic is not really correct due to very limited QtWebEngine API here, but is good enough to be used for one browsing session (it only compares url and certificate error type).

This revision now requires changes to proceed.Apr 25 2018, 5:44 PM
anmolgautam updated this revision to Diff 33096.Apr 25 2018, 7:11 PM

corrected revision

anmolgautam edited the summary of this revision. (Show Details)Apr 25 2018, 7:18 PM
drosca requested changes to this revision.Apr 25 2018, 8:48 PM

This now just remember error type, but not url. It has to be done exactly the same as m_ignoredSslErrors - that is, store both url host and error type.

This revision now requires changes to proceed.Apr 25 2018, 8:48 PM
anmolgautam updated this revision to Diff 33106.EditedApr 25 2018, 8:56 PM

updated revision - I totally misunderstood it in prev. revison

drosca added a comment.Apr 25 2018, 9:07 PM

Please change the variable name and also change the commit message to better describe what this change does and it will be good to go.

src/lib/network/networkmanager.h
58

More descriptive name would be better, something like m_rejectedSslErrors.

anmolgautam updated this revision to Diff 33108.Apr 25 2018, 9:35 PM

renamed variable and added commit message

anmolgautam marked an inline comment as done.Apr 25 2018, 9:36 PM
anmolgautam updated this revision to Diff 33120.EditedApr 26 2018, 5:42 AM

Changed git user name

drosca accepted this revision.Apr 29 2018, 11:14 AM

Please commit to master and add FIXED-IN: 3.1.0

This revision is now accepted and ready to land.Apr 29 2018, 11:14 AM
anmolgautam updated this revision to Diff 33289.Apr 29 2018, 1:22 PM

added FIXED-IN: 3.1.0 in commit

Closed by commit R875:61beda4fa220: prevent ssl error dialog by website domain (authored by anmolgautam). · Explain WhyApr 29 2018, 1:35 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Diff 33289

View Options

src/lib/network/networkmanager.h

Loading...
View Options

src/lib/network/networkmanager.cpp

Loading...
View Options

src/lib/network/sslerrordialog.h

Loading...
View Options

src/lib/network/sslerrordialog.cpp

Loading...