Document how to work around insecure https requests
Closed this issue · 4 comments
Please add a possibility (like -k in curl) for insecure https requests.
Hi there. So, the bad news is: I don't think it is possible for RESTer to ignore certificate errors. This is because RESTer uses fetch and the it's the browser that decides to block the request. It doesn't seem possible for RESTer to detect that fetch failed because of an invalid certificate. The only information it receives is "NetworkError when attempting to fetch resource.".
The good news however is, that you can accept the risk for the site once in a new tab and then RESTer should be able to make the request successfully.
I just tried the following example:
- Attempt to load
GET https://self-signed.badssl.com/in RESTer. It failed. - Open https://self-signed.badssl.com/ in a new tab and accept the certificate warning.
- Attempt to load the same request in RESTer again. This time it worked.
Does that work for you?
Thanks for the prompt reply. Yes, your workaround solved the issue. Maybe worth to note somewhere since developers may often use hosts with bad certificates when debugging.
((Ah, I knew I saw your name somewhere: Car Report app!))
Yep, that's a good idea. I guess there could just be a text in the error modal that says something like:
This could be caused by a HTTPS certificate issue. If so, try to open the URL in a new tab and accept the certificate warning. Then try the request in RESTer again.
I added network troubleshooting advice in 4.7.0. Should be available in the next hours.