From 110dca50f63438f5040ebbc0aaf6bfebfedba8b0 Mon Sep 17 00:00:00 2001
From: wangjingjing <wangjingjing.99@bytedance.com>
Date: Tue, 7 Apr 2026 11:46:54 +0800
Subject: [PATCH] fix: re-apply ignore_https_errors to recording context
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Security.setIgnoreCertificateErrors is session-scoped, so creating a new
BrowserContext for recording (Target.createBrowserContext) starts with the
default certificate validation enabled, ignoring the launch-time flag.

Store ignore_https_errors in BrowserManager alongside download_path, and
re-apply Security.setIgnoreCertificateErrors to the new session after
recording context creation — matching the existing pattern for download
behavior re-application.

Fixes #1172
---
 cli/src/native/actions.rs | 13 +++++++++++++
 cli/src/native/browser.rs |  5 +++++
 2 files changed, 18 insertions(+)

diff --git a/cli/src/native/actions.rs b/cli/src/native/actions.rs
index 338d3f58a..a0e388b35 100644
--- a/cli/src/native/actions.rs
+++ b/cli/src/native/actions.rs
@@ -3939,6 +3939,19 @@ async fn handle_recording_start(cmd: &Value, state: &mut DaemonState) -> Result<
                 .await;
         }
 
+        // Re-apply HTTPS error ignore to the recording context.
+        // Security.setIgnoreCertificateErrors at launch only applies to the session it was sent on.
+        if mgr.ignore_https_errors {
+            let _ = mgr
+                .client
+                .send_command(
+                    "Security.setIgnoreCertificateErrors",
+                    Some(json!({ "ignore": true })),
+                    Some(&new_session_id),
+                )
+                .await;
+        }
+
         // Transfer cookies to new context
         if let Some(ref cr) = cookies_result {
             if let Some(cookie_arr) = cr.get("cookies").and_then(|v| v.as_array()) {
diff --git a/cli/src/native/browser.rs b/cli/src/native/browser.rs
index 3275494d9..7ba5fd8a0 100644
--- a/cli/src/native/browser.rs
+++ b/cli/src/native/browser.rs
@@ -202,6 +202,8 @@ pub struct BrowserManager {
     default_timeout_ms: u64,
     /// Stored download path from launch options, re-applied to new contexts (e.g., recording)
     pub download_path: Option<String>,
+    /// Whether to ignore HTTPS certificate errors, re-applied to new contexts (e.g., recording)
+    pub ignore_https_errors: bool,
     /// Origins visited during this session, used by save_state to collect cross-origin localStorage.
     visited_origins: HashSet<String>,
 }
@@ -273,6 +275,7 @@ impl BrowserManager {
                 active_page_index: 0,
                 default_timeout_ms: 25_000,
                 download_path: download_path.clone(),
+                ignore_https_errors,
                 visited_origins: HashSet::new(),
             };
             manager.discover_and_attach_targets().await?;
@@ -360,6 +363,7 @@ impl BrowserManager {
             active_page_index: 0,
             default_timeout_ms: 25_000,
             download_path: None,
+            ignore_https_errors: false,
             visited_origins: HashSet::new(),
         };
 
@@ -1331,6 +1335,7 @@ async fn initialize_lightpanda_manager(
             active_page_index: 0,
             default_timeout_ms: 25_000,
             download_path: None,
+            ignore_https_errors: false,
             visited_origins: HashSet::new(),
         };