Comment #1 on issue 26309 by megazzt: XMLHttpRequest() fails against a SSL website with an 'invalid' certificate http://code.google.com/p/chromium/issues/detail?id=26309
There should still be a way to detect bad certs from JavaScript though, since extensions can make use of XMLHTTPRequest to connect to HTTPS sites as part of their operations. If the extension stores a user's username and password to pass along to a site that normally has a good cert it would be useful if the extension could detect a bad cert and either ask the user whether to continue or perhaps refuse to work entirely, if it's never expected for the site to not have a good cert. Although XMLHTTPRequest automatically sends along a user's cookies so normally you wouldn't need to save a username and password as long as the user is logged into the site (depends how the site's API works of course). -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings -- Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs
