An object describing the security properties of a particular web request. An object of this type is returned from the webRequest.getSecurityInfo()
API.
If the request is not secured using TLS, then this object will contain only the property state
, whose value will be "insecure"
.
Values of this type are objects. They contain the following properties:
certificates
Array
of CertificateInfo
. If webRequest.getSecurityInfo()
was called with the certificateChain
option present and set to true
, this will contain a CertificateInfo
object for every certificate in the chain, from the server certificate up to and including the trust root.CertificateInfo
object, for the server certificate.certificateTransparencyStatus
Optional
String
. Indicates the Certificate Transparency status for the connection. This may take any one of the following values:
cipherSuite
Optional
String
. Cipher suite used for the connection, formatted as per the TLS specification: for example, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256".errorMessage
Optional
String
. If there was a problem with the TLS handshake (for example, the certificate had expired, or a trusted root could not be found, or a certificate was revoked) then status
will be "broken" and the errorMessage
property will contain a string describing the error, taken from Firefox's internal list of error codes.
Note though that at present you can only call getSecurityInfo()
in the onHeaderReceived
listener, and the onHeaderReceived
event is not fired when the handshake fails. So in practice this will never be set.
hpkp
Optional
Boolean
. true
if the host uses Public Key Pinning, false
otherwise.hsts
Optional
Boolean
. true
if the host uses Strict Transport Security, false
otherwise.isDomainMismatch
Optional
Boolean
. true
if the server's domain name does not match the domain name in its certificate, false
otherwise.isExtendedValidation
Optional
Boolean
. true
if the server has an Extended Validation Certificate, false
otherwise.isNotValidAtThisTime
Optional
Boolean
. true
if the current time falls outside the server certificate's validity period (i.e. the certificate has expired or is not yet valid), false
otherwise.isUntrusted
Optional
Boolean
. true
if a chain back to a trusted root certificate could not be constructed, false
otherwise.keaGroupName
Optional
String
. If state
is "secure" this describes the key exchange algorithm used in this request.protocolVersion
Optional
String
. Version of the TLS protocol used. One of:
signatureSchemeName
Optional
String
. If state
is "secure" this describes the signature scheme used in this request.state
String
. State of the connection. One of:
weaknessReasons
to find out the problem.Note though that at present you can only call getSecurityInfo()
in the onHeaderReceived
listener, and the onHeaderReceived
event is not fired when the handshake fails. So in practice this will never be set to "broke".
weaknessReasons
Optional
String
. If state
is "weak", this indicates the reason. Currently this may contain only a single value "cipher", indicating that the negotiated cipher suite is considered weak.Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
SecurityInfo |
No |
No |
62 |
? |
No |
No |
? |
? |
62 |
? |
? |
? |
© 2005–2021 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/webRequest/SecurityInfo