From d9d655cae89a0e481e796cf3fc62058c13e1baa2 Mon Sep 17 00:00:00 2001
From: javierlarota
Date: Fri, 26 Nov 2021 18:03:54 +0000
Subject: [PATCH 1/2] Allow ignoring certificate errors when using an untrusted self-signed certificate for https communication with the AspCore backend. We can ignore all cert errors or only cert errors from specific domain names configured in electron.manifest.json
---
 ElectronNET.Host/main.js | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/ElectronNET.Host/main.js b/ElectronNET.Host/main.js
index 37d8be8b..2ca46cf8 100644
--- a/ElectronNET.Host/main.js
+++ b/ElectronNET.Host/main.js
@@ -54,7 +54,7 @@ if (manifestJsonFile.singleInstance || manifestJsonFile.aspCoreBackendPort) {
 args.forEach(parameter => {
 const words = parameter.split('=');
- if(words.length > 1) {
+ if (words.length > 1) {
 app.commandLine.appendSwitch(words[0].replace('--', ''), words[1]);
 } else {
 app.commandLine.appendSwitch(words[0].replace('--', ''));
@@ -75,6 +75,29 @@ if (manifestJsonFile.singleInstance || manifestJsonFile.aspCoreBackendPort) {
 }
 }
+// Bypass all SSL/TLS certificate errors. -- Less secure.
+if (manifestJsonFile.ignoreAllCertificateErrors) {
+ console.log('All SSL/TLS Certificate errors will be ignored.');
+ app.commandLine.appendSwitch('ignore-certificate-errors');
+}
+
+// Bypass SSL/TLS certificate errors only for the domain names specified in the electron.manifest.json file.
+if (manifestJsonFile.hasOwnProperty('domainNamesToIgnoreCertificateErrors')) {
+ if (manifestJsonFile.domainNamesToIgnoreCertificateErrors.length > 0) {
+ manifestJsonFile.domainNamesToIgnoreCertificateErrors.forEach(function (site) {
+ console.log('SSL/TLS certificate errors will be ignored for ' + site);
+ });
+
+ app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
+ if (shouldIgnoreCertificateForUrl(url)) {
+ console.log('SSL/TLS certificate error ignored for URL: ' + url);
+ event.preventDefault()
+ callback(true)
+ }
+ })
+ }
+}
+
 app.on('ready', () => {
 // Fix ERR_UNKNOWN_URL_SCHEME using file protocol
@@ -333,3 +356,15 @@ function getEnvironmentParameter() {
 return '';
 }
+
+function shouldIgnoreCertificateForUrl(url) {
+ if (manifestJsonFile.hasOwnProperty('domainNamesToIgnoreCertificateErrors')) {
+ // Removing the scheme from the url so it will cover https and wss://
+ const urlWithoutScheme = url.replace(/(^\w+:|^)\/\//, '');
+ const sites = manifestJsonFile.domainNamesToIgnoreCertificateErrors.filter((oneSite) => urlWithoutScheme.startsWith(oneSite));
+
+ return sites.length > 0;
+ }
+
+ return false;
+}
From 431e4014516df296d278e454e7363f42e6058227 Mon Sep 17 00:00:00 2001
From: javierlarota
Date: Thu, 9 Dec 2021 04:22:35 +0000
Subject: [PATCH 2/2] Feedback from code review. Improving logging of the domain names that will be ignored.
---
 ElectronNET.Host/main.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
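Review bot: The `certificate-error` handler calls `callback(true)` for a matching URL without looking at `error` or `certificate`, so any invalid certificate presented for a listed name is accepted, not only the backend's own self-signed one. Comparing `certificate.fingerprint` with a value configured alongside the domain list would tie the exemption to the expected certificate, for example `if (shouldIgnoreCertificateForUrl(url) && certificate.fingerprint === expectedFingerprint) {`, where `expectedFingerprint` is a placeholder for a manifest-supplied value. Separately, the `ignore-certificate-errors` switch in the first added block is a process-wide Chromium switch, so it presumably also covers any remote content the windows load, not just the ASP.NET Core backend. Logging it with `console.warn` and adding a comment such as `// Development only: disables TLS validation for every connection this process makes.` would make that scope visible.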
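Review bot: In `shouldIgnoreCertificateForUrl`, `urlWithoutScheme.startsWith(oneSite)` is a string-prefix test rather than a host comparison, so a configured entry also matches any longer host name or authority string that merely begins with the same characters. Parsing the URL and comparing the host exactly closes that gap: `const { hostname } = new URL(url);` followed by `return manifestJsonFile.domainNamesToIgnoreCertificateErrors.includes(hostname);` (compare against `host` instead if entries are meant to carry a port). The list is also used without a type check; a non-empty string in the manifest passes the `.length > 0` test in the previous hunk and then fails on `.forEach` here and on `.join` in the second patch, so an `Array.isArray(manifestJsonFile.domainNamesToIgnoreCertificateErrors)` guard would be safer than `hasOwnProperty` alone.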
diff --git a/ElectronNET.Host/main.js b/ElectronNET.Host/main.js
index 2ca46cf8..b8367f32 100644
--- a/ElectronNET.Host/main.js
+++ b/ElectronNET.Host/main.js
@@ -84,9 +84,7 @@ if (manifestJsonFile.ignoreAllCertificateErrors) {
 // Bypass SSL/TLS certificate errors only for the domain names specified in the electron.manifest.json file.
 if (manifestJsonFile.hasOwnProperty('domainNamesToIgnoreCertificateErrors')) {
 if (manifestJsonFile.domainNamesToIgnoreCertificateErrors.length > 0) {
- manifestJsonFile.domainNamesToIgnoreCertificateErrors.forEach(function (site) {
- console.log('SSL/TLS certificate errors will be ignored for ' + site);
- });
+ console.log(`SSL/TLS certificate errors will be ignored for ${manifestJsonFile.domainNamesToIgnoreCertificateErrors.join(', ')}`);
 app.on('certificate-error', (event, webContents, url, error, certificate, callback) => {
 if (shouldIgnoreCertificateForUrl(url)) {