@svillar @felipeerias (and other maintainers) Currently my approach is use the existing error page we have in https://github.com/Igalia/wolvic/blob/main/app/src/main/res/raw/error_pages.html, and customize the page for each Chromium error code.

I learned that this page is already customized for each Gecko error code in https://github.com/Igalia/wolvic/blob/main/app/src/common/shared/com/igalia/wolvic/utils/InternalPages.java, and Chromium error codes can be found in the neterror component: https://github.com/Igalia/wolvic-chromium/tree/wolvic/components/neterror So I started trying customizing this page for NetError.ERR_CERT_DATE_INVALID in InternalPages.java.

I tested with expired-rsa-dv.ssl.com The error page appeared correcly, however, both the buttons/options of going back or accepting the expired certificate don't work: https://drive.google.com/file/d/1avF19Oa45cgGlMcz2H6YS1yVBMRoX0u6/view?usp=sharing

For the going back option, I can't understand why it doesn't work here, since we use the standard window.history.back():

For the accepting bad cert option, we use document.addCertException() to accept the bad cert:

Could you help me figure out how to make both options (going back or accepting the bad cert) work here? Also I found out Chromium actually has its security interstitials component: https://github.com/Igalia/wolvic-chromium/tree/wolvic/components/security_interstitials Should we somehow use this for our Chromium errors instead of the existing error page we're using for Gecko?

First of all, nice research @haanhvu !

@svillar @felipeerias (and other maintainers) Currently my approach is use the existing error page we have in https://github.com/Igalia/wolvic/blob/main/app/src/main/res/raw/error_pages.html, and customize the page for each Chromium error code.

I learned that this page is already customized for each Gecko error code in https://github.com/Igalia/wolvic/blob/main/app/src/common/shared/com/igalia/wolvic/utils/InternalPages.java, and Chromium error codes can be found in the neterror component: https://github.com/Igalia/wolvic-chromium/tree/wolvic/components/neterror So I started trying customizing this page for NetError.ERR_CERT_DATE_INVALID in InternalPages.java.

I tested with expired-rsa-dv.ssl.com The error page appeared correcly, however, both the buttons/options of going back or accepting the expired certificate don't work: https://drive.google.com/file/d/1avF19Oa45cgGlMcz2H6YS1yVBMRoX0u6/view?usp=sharing

For the going back option, I can't understand why it doesn't work here, since we use the standard window.history.back():

Yeah that's weird. I'd suggest to use remote debugging and check the console errors in the inspector.

wolvic/app/src/main/res/raw/error_pages.html

Line 70 in 1bc0ec5

<button id="advancedPanelReturnButton" onClick="window.history.back()" class="button">Go Back (Recommended)</button>

For the accepting bad cert option, we use document.addCertException() to accept the bad cert:

wolvic/app/src/main/res/raw/error_pages.html

Line 26 in 1bc0ec5

document.addCertException(temporary).then(() => {

I found out this function is from Gecko: https://searchfox.org/mozilla-central/source/dom/webidl/Document.webidl#353 It seems like Chromium has a window.certificateErrorPageController.proceed() function to load a page with bad cert: https://github.com/Igalia/wolvic-chromium/blob/7b1b3d75379c95b9021b7385d813fc886875602f/components/security_interstitials/core/common/resources/interstitial_common.js#L65
However I tried this and it didn't worked either.

Yeah, it's very likely that we still have gecko only stuff in the common code. My suggestion would be to change the JS code. We can check whether addCertException() exists before calling it. If it does not exist then it's because we're running Chromium and then we'd have to use another call.

Could you help me figure out how to make both options (going back or accepting the bad cert) work here? Also I found out Chromium actually has its security interstitials component: https://github.com/Igalia/wolvic-chromium/tree/wolvic/components/security_interstitials Should we somehow use this for our Chromium errors instead of the existing error page we're using for Gecko?

Hmm, those components are for internal use in Chrome, I doubt we can access to them in Wolvic. If possible I think we should keep the current architecture because it's the one that requires less changes and maximizes code sharing.