nw.js: SSL "--allow-running-insecure-content" won't work with chromium-args [$5]
Our app requires SSL through Node-Webkit while it does authentication. After authentication an iframe is created with SSL to prevent MIMA (man in the middle attacks) of Session ID’s and leakage of other information.
When loading resources ranging from images or YouTube videos inside SSL iframe. Node-Webkit prevents loading non ssl resources even with a --allow-running-insecure-content chromium-argument.
This really halts our development and it’s a little frustrating seeing --allow-running-insecure-content is a valid argument that works with Chromium. So… assuming it was valid we started development. 😓
I guess we should have checked to see if nwjs supported SSL connection fully (our fault) before starting development, theres even an issue about this back in 2013 https://github.com/nwjs/nw.js/issues/1113
Your help or suggestions are very much appreciated, even a work around would be nice!
Bug Reproduce-able on 11.6
<bountysource-plugin>
Did you help close this issue? Go claim the $5 bounty on Bountysource. </bountysource-plugin>
About this issue
- Original URL
- State: closed
- Created 9 years ago
- Comments: 29 (16 by maintainers)
@r1si I met the same problem with you. I spent half a day to find out the reason. Now, it works well in my environment. Share to you: Just add this line in package.json. { … “chromium-args”: “–ignore-certificate-errors” “window”: … … } Please note: “chromium-args” is not a sub element of “window”. it is same level as “window”.
try this
process.env[‘NODE_TLS_REJECT_UNAUTHORIZED’] = ‘0’;
On Tue, May 5, 2015 at 10:02 PM, r1si notifications@github.com wrote:
Try
–remember-cert-error-decisions –ignore-certificate-errors –ignore-urlfetcher-cert-requests
I’ve tested the second with a self signed ssl served over LAN, generated for ligttpd. Worked like a dream. There are variations in self signed certs too and Chromium may be a little sensitive. Just ensure your self signed cert isnt giving you any other errors in your browser.