Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable SSL certificate verification for private apps #369

Merged
merged 3 commits into from
May 11, 2024
Merged

Disable SSL certificate verification for private apps #369

merged 3 commits into from
May 11, 2024

Conversation

viktor44
Copy link
Collaborator

@viktor44 viktor44 commented May 5, 2024

What is this PR

Fixes Ability to trust self-signed or expired certificates with private apps? #278

viktor44
viktor44 commented May 5, 2024
View reviewed changes
packages/app/src/applications/Application.tsx Outdated
Comment on lines 418 to 426
// disable SSL check for private applications
if (!useDefaultSession && Number(appstoreApplicationId) > 1000000) {
services.defaultSession.disableSslCertVerification(partition);

// const appSession = remote.session.fromPartition(partition);
// appSession.setCertificateVerifyProc((_, callback) => {
// callback(0);
// })
}
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @magne4000 , need your help here.
The issue could be fixed with 3 lines of code using @electrone/remote, but I think we should avoid to use it.
So I had tried to implement new method in SessionService and stuck 😞

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SessionServiceImpl was created at some point with the hope that it would be reusable with partitions, but clearly it's not the case.

What I would suggest would be to:

  • simplify SessionServiceImpl constructor and initSession by removing SessionOptions and remove handling of partitions
  • rename others existing functions to getDefaultUserAgent, getDefaultCookies and getDefaultSession
  • move disableSslCertVerification to SessionServiceImpl, and make it so that it takes a partition as argument of the function

So instead of representing a particular session SessionService now represent a way to access all of them. Then we should finally rename all service.defaultSession to service.session.

What do you think?

Copy link
Collaborator Author

@viktor44 viktor44 May 7, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We are calling from renderer to main here. We have to use ipc.
That's the problem I'm struggling to. 😀
That's why all ProviderService magic here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I pushed a fix.
Generally, the way to think when implementing or using Services should be:

  • Find the proper way to dispatch a message in the store:
    • From a renderer, use redux store (our case here)
    • From a worker, provide store in ServiceImpl init, then use it
    • From main, provide a Worker Service in init (i.e. a Service whose impl runs in Worker), then use it (should be last resort, as its a complex pattern and difficult to debug)
  • Then, no need to store the message in a state if its just a simple message passing
  • Then, in a saga, call the right service

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a really complicated thing for me.
Thank you.

@magne4000
Copy link
Member

For security reasons, I would prefer that this parameter would be behind an opt-in config per app:

  • upon install
  • in Preferences / My Apps
  • optionally: When detecting SSL certificate errors on pages, propose feature similar to Chrome/Firefox to bypass SSL cert verification for current app (which would also be saved)

@viktor44
Copy link
Collaborator Author

For security reasons, I would prefer that this parameter would be behind an opt-in config per app:

  • upon install
  • in Preferences / My Apps
  • optionally: When detecting SSL certificate errors on pages, propose feature similar to Chrome/Firefox to bypass SSL cert verification for current app (which would also be saved)

I totally agree with you. As for me the best way is to create parameter "Disable SSL check" or something like this. And enable-disable it at the first time with confirmation dialog like we do (should do 😄 ) with notifications.
But then it wouldn't be a 10 lines of code issue and it doesn't worth efforts.

@viktor44 viktor44 marked this pull request as ready for review May 10, 2024 23:21
@magne4000
Copy link
Member

Feel free to merge it as-is, I understand that adding this feature in the UI and what not is not the focus here.

@viktor44 viktor44 merged commit d513074 into getstation:main May 11, 2024
3 checks passed
@viktor44 viktor44 deleted the feature/disable_ssl branch August 25, 2024 12:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@magne4000 magne4000 magne4000 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@viktor44 @magne4000