11

I'm doing a simple GET request to my URL and I get the error "ERR_INSECURE_RESPONSE". This is fine, as the certificate is self-signed. But I have two questions regarding it:

  1. Is there a way to overcome this in extension? Like setting a flag in request or sth like that? (probably not likely)
  2. Is there a way just to handle this error (to notify user)? I've checked all XMLHttpRequest fields and cannot see anything that can indicate this error. Status field has value of 0 (zero).

Any ideas?

Krzysztof Wolny

1 Answer

9
  1. No, the extension API does not offer any method to modify SSL settings or behavior.
  2. You could use the chrome.webRequest.onErrorOccurred event to get notified of network errors. The error property will contain the network error code.

For example:

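```js
// Requires the "webRequest" permission (plus host permissions) in manifest.json.
chrome.webRequest.onErrorOccurred.addListener(function(details) {
    // details.error holds the network error code as a string.
    if (details.error == 'net::ERR_INSECURE_RESPONSE') {
        console.log('Insecure request detected', details);
    }
}, {
    urls: ['*://*/*'],
    types: ['xmlhttprequest']
});

// Trigger a request so the listener has something to report.
var x = new XMLHttpRequest();
x.open('get', 'https://example.com');
x.send();
```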

If this is for testing only, just start Chrome with the `--ignore-certificate-errors` flag to allow self-signed certificates to be used. This affects all websites in the same browsing session, so I suggest using a separate profile directory for this purpose, by appending `--user-data-dir=/tmp/temporaryprofiledirectory` to the command line arguments.

Another way to avoid the error in the first place is to get a valid SSL certificate. For non-commercial purposes, you can get a free SSL certificate at https://www.startssl.com.

Rob W
  • 1
    With StartCom (responsible for StartSSL) and WoSign (responsible for StartCom) being under scrutiny and [essentially unable to sign new certs](http://www.computerworld.com/article/3137162/security/google-to-untrust-wosign-and-startcom-certificates.html), the main and possibly only free alternative is [Let's Encrypt](https://letsencrypt.org/). – Xan Nov 15 '16 at 12:33
  • I use Let's Encrypt but I still get net::ERR_INSECURE_RESPONSE. I'm implementing oauth2 and one https redirects to another after authentication, and I get that error in the console. However, in the address bar, it says secure https and there are no errors whatsoever. – steviesama Feb 26 '17 at 01:57
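
Added example (not part of the original answer or comments): the question notes that a failed XMLHttpRequest only shows status 0, so this sketch records certificate errors from `chrome.webRequest.onErrorOccurred` and lets the XHR error handler look up the cause to notify the user. The names `CertErrorLog` and `getWithCertNotice`, the `net::ERR_CERT_*` match, the 5-second window and the 100 ms delay are assumptions of this example; it also assumes absolute URLs and the "webRequest" and host permissions in the manifest.

```javascript
// Added example. Error strings: the answer's net::ERR_INSECURE_RESPONSE plus the
// net::ERR_CERT_* family (an assumption that generalizes beyond the answer).
const CERT_ERROR = /^net::ERR_(INSECURE_RESPONSE$|CERT_)/;

// Remembers recent certificate failures reported by webRequest, keyed by URL.
class CertErrorLog {
  constructor(maxAgeMs = 5000) {
    this.maxAgeMs = maxAgeMs;
    this.byUrl = new Map();
  }
  // details: the object passed to chrome.webRequest.onErrorOccurred listeners.
  record(details) {
    if (!CERT_ERROR.test(details.error)) return false;
    this.byUrl.set(new URL(details.url).href, { error: details.error, at: details.timeStamp });
    return true;
  }
  // Returns the error string if `url` failed certificate checks recently, else null.
  take(url, now = Date.now()) {
    const key = new URL(url).href; // normalize, e.g. adds the trailing "/"
    const hit = this.byUrl.get(key);
    this.byUrl.delete(key); // one-shot: a later failure needs a fresh record
    return hit && now - hit.at <= this.maxAgeMs ? hit.error : null;
  }
}

const certErrors = new CertErrorLog();

// Only wire up the listener when running inside an extension page.
if (typeof chrome !== 'undefined' && chrome.webRequest) {
  chrome.webRequest.onErrorOccurred.addListener(
    (details) => { certErrors.record(details); },
    { urls: ['*://*/*'], types: ['xmlhttprequest'] }
  );
}

// GET `url`; on a status-0 failure, tell `notify` whether a certificate error caused it.
function getWithCertNotice(url, notify) {
  const xhr = new XMLHttpRequest();
  xhr.open('GET', url);
  xhr.onload = () => notify(null, xhr);
  xhr.onerror = () => {
    // Assumption: the two events may arrive in either order, so look up after a short delay.
    setTimeout(() => {
      const cause = certErrors.take(url);
      notify(cause ? `Certificate problem (${cause})` : 'Network error', xhr);
    }, 100);
  };
  xhr.send();
}
```

Chrome documents the `error` string as not guaranteed to stay backwards compatible between releases, so treat a match as a hint for the user message rather than as a security decision.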