View as markdown

Security

Commands

`Security.disable`

Disables tracking security state changes.

`Security.enable`

Enables tracking security state changes.

`Security.setIgnoreCertificateErrors`

Enable/disable whether all certificate errors should be ignored.

Parameters

Name	Type	Description
`ignore`	`boolean`	If true, all certificate errors will be ignored.

`Security.handleCertificateError`

Deprecated

Handles a certificate error that fired a certificateError event.

Parameters

Name	Type	Description
`eventId`	`integer`	The ID of the event.
`action`	`CertificateErrorAction`	The action to take on the certificate error.

`Security.setOverrideCertificateErrors`

Deprecated

Enable/disable overriding certificate errors. If enabled, all certificate error events need to
be handled by the DevTools client and should be answered with `handleCertificateError` commands.

Parameters

Name	Type	Description
`override`	`boolean`	If true, certificate errors will be overridden.

Events

`Security.certificateError`

Deprecated

There is a certificate error. If overriding certificate errors is enabled, then it should be
handled with the `handleCertificateError` command. Note: this event does not fire if the
certificate error has been allowed internally. Only one client per target should override
certificate errors at the same time.

Parameters

Name	Type	Description
`eventId`	`integer`	The ID of the event.
`errorType`	`string`	The type of the error.
`requestURL`	`string`	The url that was requested.

`Security.visibleSecurityStateChanged`

Experimental

The security state of the page changed.

Parameters

Name	Type	Description
`visibleSecurityState`	`VisibleSecurityState`	Security state information about the page.

`Security.securityStateChanged`

Deprecated

The security state of the page changed. No longer being sent.

Parameters

Name	Type	Description
`securityState`	`SecurityState`	Security state.
`schemeIsCryptographic` Deprecated	`boolean`	True if the page was loaded over cryptographic transport such as HTTPS.
`explanations` Deprecated	`array<SecurityStateExplanation>`	Previously a list of explanations for the security state. Now always empty.
`insecureContentStatus` Deprecated	`InsecureContentStatus`	Information about insecure content on the page.
`summary` (optional) Deprecated	`string`	Overrides user-visible description of the state. Always omitted.

Types

`CertificateId`

(integer)

An internal certificate ID value.

`MixedContentType`

(string)

A description of mixed content (HTTP resources on HTTPS pages), as defined by
https://www.w3.org/TR/mixed-content/#categories

Allowed Values

blockable
optionally-blockable
none

`SecurityState`

(string)

The security level of a page or resource.

Allowed Values

unknown
neutral
insecure
secure
info
insecure-broken

`CertificateSecurityState`

(object) Experimental

Details about the security state of the page certificate.

Properties

Name	Type	Description
`protocol`	`string`	Protocol name (e.g. "TLS 1.2" or "QUIC").
`keyExchange`	`string`	Key Exchange used by the connection, or the empty string if not applicable.
`keyExchangeGroup` (optional)	`string`	(EC)DH group used by the connection, if applicable.
`cipher`	`string`	Cipher name.
`mac` (optional)	`string`	TLS MAC. Note that AEAD ciphers do not have separate MACs.
`certificate`	`array<string>`	Page certificate.
`subjectName`	`string`	Certificate subject name.
`issuer`	`string`	Name of the issuing CA.
`validFrom`	`Network.TimeSinceEpoch`	Certificate valid from date.
`validTo`	`Network.TimeSinceEpoch`	Certificate valid to (expiration) date
`certificateNetworkError` (optional)	`string`	The highest priority network error code, if the certificate has an error.
`certificateHasWeakSignature`	`boolean`	True if the certificate uses a weak signature algorithm.
`certificateHasSha1Signature`	`boolean`	True if the certificate has a SHA1 signature in the chain.
`modernSSL`	`boolean`	True if modern SSL
`obsoleteSslProtocol`	`boolean`	True if the connection is using an obsolete SSL protocol.
`obsoleteSslKeyExchange`	`boolean`	True if the connection is using an obsolete SSL key exchange.
`obsoleteSslCipher`	`boolean`	True if the connection is using an obsolete SSL cipher.
`obsoleteSslSignature`	`boolean`	True if the connection is using an obsolete SSL signature.

`SafetyTipStatus`

(string) Experimental

Allowed Values

badReputation
lookalike

`SafetyTipInfo`

(object) Experimental

Properties

Name	Type	Description
`safetyTipStatus`	`SafetyTipStatus`	Describes whether the page triggers any safety tips or reputation warnings. Default is unknown.
`safeUrl` (optional)	`string`	The URL the safety tip suggested ("Did you mean?"). Only filled in for lookalike matches.

`VisibleSecurityState`

(object) Experimental

Security state information about the page.

Properties

Name	Type	Description
`securityState`	`SecurityState`	The security level of the page.
`certificateSecurityState` (optional)	`CertificateSecurityState`	Security state details about the page certificate.
`safetyTipInfo` (optional)	`SafetyTipInfo`	The type of Safety Tip triggered on the page. Note that this field will be set even if the Safety Tip UI was not actually shown.
`securityStateIssueIds`	`array<string>`	Array of security state issues ids.

`SecurityStateExplanation`

(object)

An explanation of an factor contributing to the security state.

Properties

Name	Type	Description
`securityState`	`SecurityState`	Security state representing the severity of the factor being explained.
`title`	`string`	Title describing the type of factor.
`summary`	`string`	Short phrase describing the type of factor.
`description`	`string`	Full text explanation of the factor.
`mixedContentType`	`MixedContentType`	The type of mixed content described by the explanation.
`certificate`	`array<string>`	Page certificate.
`recommendations` (optional)	`array<string>`	Recommendations to fix any issues.

`InsecureContentStatus`

(object) Deprecated

Information about insecure content on the page.

Properties

Name	Type	Description
`ranMixedContent`	`boolean`	Always false.
`displayedMixedContent`	`boolean`	Always false.
`containedMixedForm`	`boolean`	Always false.
`ranContentWithCertErrors`	`boolean`	Always false.
`displayedContentWithCertErrors`	`boolean`	Always false.
`ranInsecureContentStyle`	`SecurityState`	Always set to unknown.
`displayedInsecureContentStyle`	`SecurityState`	Always set to unknown.

`CertificateErrorAction`

(string)

The action to take when a certificate error occurs. continue will continue processing the
request and cancel will cancel the request.

Allowed Values

continue
cancel

Security

Commands

Security.disable

Security.enable

Security.setIgnoreCertificateErrors

Parameters

Security.handleCertificateError

Parameters

Security.setOverrideCertificateErrors

Parameters

Events

Security.certificateError

Parameters

Security.visibleSecurityStateChanged

Parameters

Security.securityStateChanged

Parameters

Types

CertificateId

MixedContentType

Allowed Values

SecurityState

Allowed Values

CertificateSecurityState

Properties

SafetyTipStatus

Allowed Values

SafetyTipInfo

Properties

VisibleSecurityState

Properties

SecurityStateExplanation

Properties

InsecureContentStatus

Properties

CertificateErrorAction

Allowed Values

Summary

`Security.disable`

`Security.enable`

`Security.setIgnoreCertificateErrors`

`Security.handleCertificateError`

`Security.setOverrideCertificateErrors`

`Security.certificateError`

`Security.visibleSecurityStateChanged`

`Security.securityStateChanged`

`CertificateId`

`MixedContentType`

`SecurityState`

`CertificateSecurityState`

`SafetyTipStatus`

`SafetyTipInfo`

`VisibleSecurityState`

`SecurityStateExplanation`

`InsecureContentStatus`

`CertificateErrorAction`