The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,975 other subscribers
«
»

To bypass a Chrome certificate/HSTS error, you can type ‘badidea’ (previously ‘thisisunsafe’) without quotes (this might change in the future)

Posted by jpluimers on 2021/11/11

For expired or self-signed certificates with an untrusted chain, you might want to by base the Chrome certificate/HSTS error message.

Instead of clicking a few times, you can also type ‘badidea’ (this used to be ‘thisisunsafe’ and might change again someday).

Based on: [WayBack] security – Does using ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error only apply for the current site? – Stack Overflow

Found via [WayBack] KPN-klanten kunnen Experiabox V10A niet benaderen door verlopen certificaat – Computer – Nieuws – Tweakers

Source code that handles this: [WayBack] components/security_interstitials/core/browser/resources/interstitial_v2.js – chromium/src – Git at Google

/**
 * This allows errors to be skippped by typing a secret phrase into the page.
 * @param {string} e The key that was just pressed.
 */
function handleKeypress(e) {
  var BYPASS_SEQUENCE = 'badidea';
  if (BYPASS_SEQUENCE.charCodeAt(keyPressState) == e.keyCode) {
    keyPressState++;
    if (keyPressState == BYPASS_SEQUENCE.length) {
      sendCommand(SecurityInterstitialCommandId.CMD_PROCEED);
      keyPressState = 0;
    }
  } else {
    keyPressState = 0;
  }
}

–jeroen

This entry was posted on 2021/11/11 at 12:00 and is filed under Chrome, Development, Encryption, https, HTTPS/TLS security, Power User, Security, Web Browsers, Web Development. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»
 
%d bloggers like this: