bypassing unsigned certificate from service-worker

[Tanzim mahtab]

Hi everyone,

Is it possible to bypass an unsigned certificate from `background.js`? I have a cURL command that works fine (it includes the `-k` flag). Can I do the same from `service-worker > background.js`?

Here’s how the cURL command looks:
```
curl -X POST https://165.29.32.81:4343/register \
-H "Content-Type: application/json" \
-d '{
  "username": "testuser",
  "password": "securepassword"
}' -k
```

Thanks in advance

[Patrick Kettner]

Hi Tanzim,

There is nothing an extension can do by itself to do this - it would introduce some pretty huge security holes if there was. Ideally, if you control the back end you get a certificate through free providers like Lets Encrypt. If you don't have the ability to configure the host, another option would be to set up a proxy that you extension uses, that doesn't have an invalid certificate. Finally, individual users are able to ignore certificate errors by launching Chrome with the `--ignore-certificate-errors` flag. This is really not recommended unless you are testing very specific things, as it means you are 100% unprotected against any malicious SSL certs.

patrick

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/875b4808-3b36-495e-b3c9-1f9a9c0f4f25n%40chromium.org.