How to handle ERR_INSECURE_RESPONSE in Google Chrome extension

  1. No, the extension API does not offer any method to modify SSL settings or behavior.
  2. You could use the chrome.webRequest.onErrorOccurred event to get notified of network errors. The error property will contain the network error code.

For example:

// Log certificate failures reported for XMLHttpRequests.
chrome.webRequest.onErrorOccurred.addListener(function(details) {
    if (details.error === 'net::ERR_INSECURE_RESPONSE') {
        console.log('Insecure request detected', details);
    }
}, {
    urls: ['*://*/*'],
    types: ['xmlhttprequest']
});

// Example request; a certificate failure for this URL reaches the listener above.
var x = new XMLHttpRequest();
x.open('get', 'https://example.com');
x.send();

If for testing only, just start Chrome with the --ignore-certificate-errors flag to allow self-signed certificates to be used. This affects all websites in the same browsing session, so I suggest using a separate profile directory for this purpose, by appending --user-data-dir=/tmp/temporaryprofiledirectory to the command line arguments.

Another way to avoid the error in the first place is to get a valid SSL certificate. For non-commercial purposes, you can get a free SSL certificate at https://www.startssl.com.

Author by

Krzysztof Wolny

Updated on July 22, 2022
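
The question notes that a failed XMLHttpRequest only shows status 0, while the answer's onErrorOccurred listener sees the real error code. The following added example (not code from the original answer) joins the two so the XHR error handler can tell the user why the request failed. The helper names and MAX_AGE_MS are assumptions, as is treating every net::ERR_CERT_* code as a certificate failure alongside the page's ERR_INSECURE_RESPONSE.

```javascript
// Added example; helper names and MAX_AGE_MS are assumptions, not Chrome APIs.
const MAX_AGE_MS = 5000;        // how long a recorded error stays relevant
const recentErrors = new Map(); // normalized URL -> { error, timeStamp }

// webRequest reports the resolved URL ("https://example.com/"), so both
// sides are compared in normalized form. Expects an absolute URL.
function normalize(url) {
    return new URL(url).href;
}

// ERR_INSECURE_RESPONSE is the code from the question; net::ERR_CERT_* are
// Chromium's other certificate error codes.
function isCertificateError(error) {
    return error === 'net::ERR_INSECURE_RESPONSE' ||
        error.startsWith('net::ERR_CERT_');
}

// onErrorOccurred listener: store the error and drop stale entries.
function recordError(details) {
    for (const [url, entry] of recentErrors) {
        if (details.timeStamp - entry.timeStamp > MAX_AGE_MS) {
            recentErrors.delete(url);
        }
    }
    recentErrors.set(normalize(details.url),
        { error: details.error, timeStamp: details.timeStamp });
}

// Call from xhr.onerror with the requested URL and Date.now().
// The two events are not ordered, so a caller may need to retry shortly.
function explainFailure(url, now) {
    const key = normalize(url);
    const entry = recentErrors.get(key);
    if (!entry || now - entry.timeStamp > MAX_AGE_MS) {
        return 'Request to ' + key + ' failed; no network error was recorded.';
    }
    if (isCertificateError(entry.error)) {
        return 'Certificate for ' + new URL(key).host +
            ' was rejected (' + entry.error + ').';
    }
    return 'Request to ' + key + ' failed: ' + entry.error;
}

// Registration inside an extension; skipped when run outside Chrome.
if (typeof chrome !== 'undefined' && chrome.webRequest) {
    chrome.webRequest.onErrorOccurred.addListener(recordError, {
        urls: ['*://*/*'],
        types: ['xmlhttprequest']
    });
}
```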

Comments

  • Krzysztof Wolny almost 2 years

    I'm doing a simple GET request to my URL and I get the error "ERR_INSECURE_RESPONSE". This is fine, as the certificate is self-signed. But I have two questions regarding it:

    1. Is there a way to overcome this in extension? Like setting a flag in request or sth like that? (probably not likely)
    2. Is there a way just to handle this error (to notify user)? I've checked all XMLHttpRequest fields and cannot see anything that can indicate this error. Status field has value of 0 (zero).

    Any ideas?

  • Xan over 7 years
    With StartCom (responsible for StartSSL) and WoSign (responsible for StartCom) being under scrutiny and essentially unable to sign new certs, the main and possibly only free alternative is Let's Encrypt.
  • steviesama about 7 years
    I use Let's Encrypt but I still get net::ERR_INSECURE_RESPONSE. I'm implementing oauth2 and one https redirects to another after authentication, and I get that error in the console. However, in the address bar, it says secure https and there are no errors whatsoever.