Commit graph

5 commits

Author SHA1 Message Date
Biru Mohanathas ced2e8779f
feat: Allow detection of MITM HTTPS proxies like ZScaler (#30174)
* feat: Allow detection of MITM HTTPS proxies like ZScaler

For security purposes, Figma heavily restricts the origins that are
allowed to load within our Electron app. Unfortunately some corporate
environments use MITM proxies like ZScaler, which intercepts our
connection to `https://www.figma.com` and serves a redirect to e.g.
`https://gateway.zscloud.net` before finally redirecting back to
`https://www.figma.com`.

In order to detect this situation and handle it gracefully, we need to
be able to know whether or not the certificate for our own origin
(`https://www.figma.com`) is chained to a known root. We do this by
exposing `CertVerifyResult::is_issued_by_known_root`.

If the certification verification passed without the certificate being
tied to a known root, we can safely assume that we are dealing with a
MITM proxy that has its root CA installed locally on the machine. This
means that HTTPS can't be trusted so we might as well make life easier
for corporate users by loosening our origin restrictions without any
manual steps.

* Tweak docs wording
2021-08-02 10:24:58 +09:00
electron-roller[bot] 85718349cc
chore: bump chromium to 93.0.4539.0 (main) (#29608)
Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
Co-authored-by: Samuel Attard <sam@electronjs.org>
Co-authored-by: Jeremy Rose <jeremya@chromium.org>
2021-06-16 15:43:51 -07:00
electron-roller[bot] 8532e1239e
chore: bump chromium to 93.0.4530.0 (master) (#29256)
* chore: bump chromium in DEPS to 92.0.4512.6

* 2887336: [CaptureHandle][#2] Propagate CaptureHandleConfig in browser process

https://chromium-review.googlesource.com/c/chromium/src/+/2887336

* refactor: base::Optional -> absl::optional

* chore: fixup patch indices

* chore: bump chromium in DEPS to 92.0.4514.0

* 2899417: Make build work when enable_pdf is set to false.

https://chromium-review.googlesource.com/c/chromium/src/+/2899417

* 2904731: use BrowserContext instead of Profile in PreconnectManager

https://chromium-review.googlesource.com/c/chromium/src/+/2904731

* 2295749: fix: check IsSecureEventInputEnabled in constructor before setting SetPasswordInputEnabled to true

https://chromium-review.googlesource.com/c/chromium/src/+/2295749

* 2893803: Add a GetWebView to RenderFrame.

https://chromium-review.googlesource.com/c/chromium/src/+/2893803

* 2892345: Implement WebContents::ForEachRenderFrameHost

https://chromium-review.googlesource.com/c/chromium/src/+/2892345

* chore: fixup patch indices

* 2892048: Real instance methods for BrowserContext: remaining 5 methods.

https://chromium-review.googlesource.com/c/chromium/src/+/2892048

* 2902821: [mojo] Don't require full header includes for referenced interfaces

https://chromium-review.googlesource.com/c/chromium/src/+/2902821

* 2496500: Remove last deprecated extension Event ctor.

https://chromium-review.googlesource.com/c/chromium/src/+/2496500

* chore: fixup malformed pepper support patch

* chore: bump chromium in DEPS to 92.0.4515.0

* 2908461: Add CreateEmptyPrintPagesParamsPtr() inside print_view_manager_base.cc.

https://chromium-review.googlesource.com/c/chromium/src/+/2908461

* 2880838: viz: add optional HDRMetadata to TransferableResource

https://chromium-review.googlesource.com/c/chromium/src/+/2880838

* chore: fixup patch indices

* chore: bump chromium in DEPS to 92.0.4515.5

* chore: update patches

* chore: bump chromium in DEPS to 92.0.4515.7

* chore: bump chromium in DEPS to 92.0.4515.9

* chore: bump chromium in DEPS to 93.0.4522.0

* chore: bump chromium in DEPS to 93.0.4523.0

* chore: bump chromium in DEPS to 93.0.4524.0

* chore: update patches

* chore: enable_pak_file_integrity_checks was reverted

* chore: update patches

* refactor: base/optional was replaced with absl::optional

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2910202

* refactor: replace all usages of base::nullopt with absl::nullopt

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2910202

* chore: add missing base::Contains include

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2910202

* refactor: replace all usages of base::make_optional with
absl::make_optional

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2910202

* refactor: replace WorldScriptContext() with GetScriptContextFromWorldId

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2893213

* chore: clean up left over opening namespace

Refs: 95bfe6d08f

* chore: add missing base::Contains include

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2910202

* refactor: replace GetCurrentDisplayIterator with the hard checker
GetCurrentDisplay

This code looks suspicious but if the iterator was invalid before it
will also be invalid now.

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2893191

* refactor: headers are now passed directly in extensions client

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2918906

* refactor: base::DictionaryValue::empty() has been removed

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2912424

* chore: add missing includes for network URLLoaderFactory

Refs: unknown, probably a side effect of header changes

* refactor: make convenience wrapper around AppendArg

There is no converter FromV8 for base::StringPiece (apparently it's not
possible). So we now take in an std::string and use the construct for
StringPiece to do implicit conversion.

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2905544

* chore: add patch

* chore: bump chromium in DEPS to 93.0.4525.0

* chore: update patches

* refactor: CanResize has been de-virtualized

Refs: https://chromium-review.googlesource.com/c/chromium/src/+/2485774

* chore: update resource integrity patch

* chore: add character encoding idl patch

* chore: bump chromium in DEPS to 93.0.4526.0

* chore: update patches

* chore: bump chromium in DEPS to 93.0.4527.0

* chore: bump chromium in DEPS to 93.0.4528.0

* chore: update patches

* chore: update idl encoding patch

* chore: bump chromium in DEPS to 93.0.4529.0

* chore: update patches

* chore: bump chromium in DEPS to 93.0.4530.0

* chore: update patches

* fix: only SetCanResize after the widget has been initialized

* chore: add patch for vr on windows gn gen

* spec: fix focus related tests on linux due to delay in focus swap

* chore: remove new usages of base::Optional from main

Co-authored-by: electron-roller[bot] <84116207+electron-roller[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Co-authored-by: PatchUp <73610968+patchup[bot]@users.noreply.github.com>
Co-authored-by: Samuel Attard <sattard@slack-corp.com>
Co-authored-by: Samuel Attard <samuel.r.attard@gmail.com>
2021-06-03 01:05:04 -07:00
Samuel Attard 37feeb8e5f feat: expose the chromium validated certificate in the certificate verify proc (#21890) 2020-01-27 10:48:29 -08:00
Robo eebea63bed chore: remove pre network service classes from shell/browser/net (#19644)
* refactor: rm IOThread class

* chore: rm expose-net-observer-api.patch

* chore: rm unused shell/browser/net/ classes

* chore: mv CertVerifierClient to separate header

* chore: rm url_request_context_getter references
2019-08-07 11:04:09 -04:00