refactor: --unsafely-ignore-certificate-errors (#11629)

2025-09-18 16:39:57 +00:00 · 2021-08-10 13:19:45 +02:00 · 2021-08-10 13:19:45 +02:00 · b9a8111a00
commit b9a8111a00
parent 465cf9a6fe
17 changed files with 78 additions and 79 deletions
--- a/cli/file_fetcher.rs
+++ b/cli/file_fetcher.rs
@ -223,7 +223,7 @@ impl FileFetcher {
    allow_remote: bool,
    root_cert_store: Option<RootCertStore>,
    blob_store: BlobStore,
-    unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+    unsafely_ignore_certificate_errors: Option<Vec<String>>,
  ) -> Result<Self, AnyError> {
    Ok(Self {
      auth_tokens: AuthTokens::new(env::var(DENO_AUTH_TOKENS).ok()),
@ -236,7 +236,7 @@ impl FileFetcher {
        root_cert_store,
        None,
        None,
-        unsafely_treat_insecure_origin_as_secure,
+        unsafely_ignore_certificate_errors,
      )?,
      blob_store,
    })
--- a/cli/flags.rs
+++ b/cli/flags.rs
@ -164,7 +164,7 @@ pub struct Flags {
  pub repl: bool,
  pub seed: Option<u64>,
  pub unstable: bool,
-  pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
  pub v8_flags: Vec<String>,
  pub version: bool,
  pub watch: bool,
@ -217,13 +217,13 @@ impl Flags {
      _ => {}
    }
-    match &self.unsafely_treat_insecure_origin_as_secure {
+    match &self.unsafely_ignore_certificate_errors {
      Some(ic_allowlist) if ic_allowlist.is_empty() => {
-        args.push("--unsafely-treat-insecure-origin-as-secure".to_string());
+        args.push("--unsafely-ignore_certificate_errors".to_string());
      }
      Some(ic_allowlist) => {
        let s = format!(
-          "--unsafely-treat-insecure-origin-as-secure={}",
+          "--unsafely-ignore_certificate_errors={}",
          ic_allowlist.join(",")
        );
        args.push(s);
@ -1237,13 +1237,14 @@ fn permission_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> {
        .validator(crate::flags_allow_net::validator),
    )
    .arg(
-      Arg::with_name("unsafely-treat-insecure-origin-as-secure")
+      Arg::with_name("unsafely-ignore-certificate-errors")
-        .long("unsafely-treat-insecure-origin-as-secure")
+        .long("unsafely-ignore-certificate-errors")
        .min_values(0)
        .takes_value(true)
        .use_delimiter(true)
        .require_equals(true)
-        .help("DANGER: Disables verification of SSL certificates")
+        .value_name("HOSTNAMES")
        .help("DANGER: Disables verification of TLS certificates")
        .validator(crate::flags_allow_net::validator),
    )
    .arg(
@ -1906,13 +1907,11 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
    flags.allow_net = Some(net_allowlist);
  }
-  if let Some(ic_wl) =
+  if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") {
    matches.values_of("unsafely-treat-insecure-origin-as-secure")
  {
    let ic_allowlist: Vec<String> =
      crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect())
        .unwrap();
-    flags.unsafely_treat_insecure_origin_as_secure = Some(ic_allowlist);
+    flags.unsafely_ignore_certificate_errors = Some(ic_allowlist);
  }
  if let Some(env_wl) = matches.values_of("allow-env") {
@ -2756,7 +2755,7 @@ mod tests {
        repl: true,
        subcommand: DenoSubcommand::Repl { eval: None },
        allow_net: Some(vec![]),
-        unsafely_treat_insecure_origin_as_secure: None,
+        unsafely_ignore_certificate_errors: None,
        allow_env: Some(vec![]),
        allow_run: Some(vec![]),
        allow_read: Some(vec![]),
@ -3232,7 +3231,7 @@ mod tests {
  #[test]
  fn install_with_flags() {
    #[rustfmt::skip]
-    let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]);
+    let r = flags_from_vec(svec!["deno", "install", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-ignore-certificate-errors", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--name", "file_server", "--root", "/foo", "--force", "https://deno.land/std/http/file_server.ts", "foo", "bar"]);
    assert_eq!(
      r.unwrap(),
      Flags {
@ -3256,7 +3255,7 @@ mod tests {
        seed: Some(1),
        inspect: Some("127.0.0.1:9229".parse().unwrap()),
        allow_net: Some(vec![]),
-        unsafely_treat_insecure_origin_as_secure: Some(vec![]),
+        unsafely_ignore_certificate_errors: Some(vec![]),
        allow_read: Some(vec![]),
        ..Flags::default()
      }
@ -3402,11 +3401,11 @@ mod tests {
  }
  #[test]
-  fn unsafely_treat_insecure_origin_as_secure() {
+  fn unsafely_ignore_certificate_errors() {
    let r = flags_from_vec(svec![
      "deno",
      "run",
-      "--unsafely-treat-insecure-origin-as-secure",
+      "--unsafely-ignore-certificate-errors",
      "script.ts"
    ]);
    assert_eq!(
@ -3415,7 +3414,7 @@ mod tests {
        subcommand: DenoSubcommand::Run {
          script: "script.ts".to_string(),
        },
-        unsafely_treat_insecure_origin_as_secure: Some(vec![]),
+        unsafely_ignore_certificate_errors: Some(vec![]),
        ..Flags::default()
      }
    );
@ -3426,7 +3425,7 @@ mod tests {
    let r = flags_from_vec(svec![
      "deno",
      "run",
-      "--unsafely-treat-insecure-origin-as-secure=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4",
+      "--unsafely-ignore-certificate-errors=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4",
      "script.ts"
    ]);
    assert_eq!(
@ -3435,7 +3434,7 @@ mod tests {
        subcommand: DenoSubcommand::Run {
          script: "script.ts".to_string(),
        },
-        unsafely_treat_insecure_origin_as_secure: Some(svec![
+        unsafely_ignore_certificate_errors: Some(svec![
          "deno.land",
          "localhost",
          "::",
@ -3927,7 +3926,7 @@ mod tests {
  #[test]
  fn compile_with_flags() {
    #[rustfmt::skip]
-    let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-treat-insecure-origin-as-secure", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]);
+    let r = flags_from_vec(svec!["deno", "compile", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--unsafely-ignore-certificate-errors", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--allow-read", "--allow-net", "--v8-flags=--help", "--seed", "1", "--output", "colors", "https://deno.land/std/examples/colors.ts", "foo", "bar"]);
    assert_eq!(
      r.unwrap(),
      Flags {
@ -3948,7 +3947,7 @@ mod tests {
        cached_only: true,
        location: Some(Url::parse("https://foo/").unwrap()),
        allow_read: Some(vec![]),
-        unsafely_treat_insecure_origin_as_secure: Some(vec![]),
+        unsafely_ignore_certificate_errors: Some(vec![]),
        allow_net: Some(vec![]),
        v8_flags: svec!["--help", "--random-seed=1"],
        seed: Some(1),
--- a/cli/main.rs
+++ b/cli/main.rs
@ -109,9 +109,9 @@ fn create_web_worker_callback(
        .log_level
        .map_or(false, |l| l == log::Level::Debug),
      unstable: program_state.flags.unstable,
-      unsafely_treat_insecure_origin_as_secure: program_state
+      unsafely_ignore_certificate_errors: program_state
        .flags
-        .unsafely_treat_insecure_origin_as_secure
+        .unsafely_ignore_certificate_errors
        .clone(),
      root_cert_store: program_state.root_cert_store.clone(),
      user_agent: version::get_user_agent(),
@ -193,9 +193,9 @@ pub fn create_main_worker(
      .log_level
      .map_or(false, |l| l == log::Level::Debug),
    unstable: program_state.flags.unstable,
-    unsafely_treat_insecure_origin_as_secure: program_state
+    unsafely_ignore_certificate_errors: program_state
      .flags
-      .unsafely_treat_insecure_origin_as_secure
+      .unsafely_ignore_certificate_errors
      .clone(),
    root_cert_store: program_state.root_cert_store.clone(),
    user_agent: version::get_user_agent(),
--- a/cli/program_state.rs
+++ b/cli/program_state.rs
@ -119,15 +119,15 @@ impl ProgramState {
    }
    if let Some(insecure_allowlist) =
-      flags.unsafely_treat_insecure_origin_as_secure.as_ref()
+      flags.unsafely_ignore_certificate_errors.as_ref()
    {
      let domains = if insecure_allowlist.is_empty() {
-        "for all domains".to_string()
+        "for all hostnames".to_string()
      } else {
        format!("for: {}", insecure_allowlist.join(", "))
      };
      let msg = format!(
-        "DANGER: SSL ceritificate validation is disabled {}",
+        "DANGER: TLS ceritificate validation is disabled {}",
        domains
      );
      eprintln!("{}", colors::yellow(msg));
@ -153,7 +153,7 @@ impl ProgramState {
      !flags.no_remote,
      Some(root_cert_store.clone()),
      blob_store.clone(),
-      flags.unsafely_treat_insecure_origin_as_secure.clone(),
+      flags.unsafely_ignore_certificate_errors.clone(),
    )?;
    let lockfile = if let Some(filename) = &flags.lock {
--- a/cli/standalone.rs
+++ b/cli/standalone.rs
@ -57,7 +57,7 @@ pub struct Metadata {
  pub log_level: Option<Level>,
  pub ca_stores: Option<Vec<String>>,
  pub ca_data: Option<Vec<u8>>,
-  pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
 }
 pub const MAGIC_TRAILER: &[u8; 8] = b"d3n0l4nd";
@ -253,8 +253,8 @@ pub async fn run(
    debug_flag: metadata.log_level.map_or(false, |l| l == log::Level::Debug),
    user_agent: version::get_user_agent(),
    unstable: metadata.unstable,
-    unsafely_treat_insecure_origin_as_secure: metadata
+    unsafely_ignore_certificate_errors: metadata
-      .unsafely_treat_insecure_origin_as_secure,
+      .unsafely_ignore_certificate_errors,
    root_cert_store: Some(root_cert_store),
    seed: metadata.seed,
    js_error_create_fn: None,
--- a/cli/tests/cafile_ts_fetch_unsafe_ssl.ts.out
+++ b/cli/tests/cafile_ts_fetch_unsafe_ssl.ts.out
@ -1,2 +1,2 @@
-DANGER: SSL ceritificate validation is disabled for all domains
+DANGER: TLS ceritificate validation is disabled for all hostnames
 Hello
--- a/cli/tests/cafile_url_imports_unsafe_ssl.ts.out
+++ b/cli/tests/cafile_url_imports_unsafe_ssl.ts.out
@ -1,3 +1,3 @@
-DANGER: SSL ceritificate validation is disabled for: localhost
+DANGER: TLS ceritificate validation is disabled for: localhost
 Hello
 success
--- a/cli/tests/integration/mod.rs
+++ b/cli/tests/integration/mod.rs
@ -475,14 +475,14 @@ fn broken_stdout() {
 // });
 itest!(cafile_url_imports_unsafe_ssl {
-  args: "run --quiet --reload --unsafely-treat-insecure-origin-as-secure=localhost cafile_url_imports.ts",
+  args: "run --quiet --reload --unsafely-ignore-certificate-errors=localhost cafile_url_imports.ts",
  output: "cafile_url_imports_unsafe_ssl.ts.out",
  http_server: true,
 });
 itest!(cafile_ts_fetch_unsafe_ssl {
  args:
-    "run --quiet --reload --allow-net --unsafely-treat-insecure-origin-as-secure cafile_ts_fetch.ts",
+    "run --quiet --reload --allow-net --unsafely-ignore-certificate-errors cafile_ts_fetch.ts",
  output: "cafile_ts_fetch_unsafe_ssl.ts.out",
  http_server: true,
 });
--- a/cli/tools/standalone.rs
+++ b/cli/tools/standalone.rs
@ -99,8 +99,8 @@ pub fn create_standalone_binary(
    location: flags.location.clone(),
    permissions: flags.clone().into(),
    v8_flags: flags.v8_flags.clone(),
-    unsafely_treat_insecure_origin_as_secure: flags
+    unsafely_ignore_certificate_errors: flags
-      .unsafely_treat_insecure_origin_as_secure
+      .unsafely_ignore_certificate_errors
      .clone(),
    log_level: flags.log_level,
    ca_stores: flags.ca_stores,
@ -226,8 +226,8 @@ pub fn compile_to_runtime_flags(
    lock: None,
    log_level: flags.log_level,
    no_check: false,
-    unsafely_treat_insecure_origin_as_secure: flags
+    unsafely_ignore_certificate_errors: flags
-      .unsafely_treat_insecure_origin_as_secure,
+      .unsafely_ignore_certificate_errors,
    no_remote: false,
    prompt: flags.prompt,
    reload: false,
--- a/extensions/fetch/lib.rs
+++ b/extensions/fetch/lib.rs
@ -60,7 +60,7 @@ pub fn init<P: FetchPermissions + 'static>(
  root_cert_store: Option<RootCertStore>,
  proxy: Option<Proxy>,
  request_builder_hook: Option<fn(RequestBuilder) -> RequestBuilder>,
-  unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  unsafely_ignore_certificate_errors: Option<Vec<String>>,
 ) -> Extension {
  Extension::builder()
    .js(include_js_files!(
@ -88,7 +88,7 @@ pub fn init<P: FetchPermissions + 'static>(
          root_cert_store.clone(),
          None,
          proxy.clone(),
-          unsafely_treat_insecure_origin_as_secure.clone(),
+          unsafely_ignore_certificate_errors.clone(),
        )
        .unwrap()
      });
@ -97,8 +97,8 @@ pub fn init<P: FetchPermissions + 'static>(
        root_cert_store: root_cert_store.clone(),
        proxy: proxy.clone(),
        request_builder_hook,
-        unsafely_treat_insecure_origin_as_secure:
+        unsafely_ignore_certificate_errors: unsafely_ignore_certificate_errors
-          unsafely_treat_insecure_origin_as_secure.clone(),
+          .clone(),
      });
      Ok(())
    })
@ -110,7 +110,7 @@ pub struct HttpClientDefaults {
  pub root_cert_store: Option<RootCertStore>,
  pub proxy: Option<Proxy>,
  pub request_builder_hook: Option<fn(RequestBuilder) -> RequestBuilder>,
-  pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
 }
 pub trait FetchPermissions {
@ -543,7 +543,7 @@ where
    defaults.root_cert_store.clone(),
    cert_data,
    args.proxy,
-    defaults.unsafely_treat_insecure_origin_as_secure.clone(),
+    defaults.unsafely_ignore_certificate_errors.clone(),
  )
  .unwrap();
--- a/extensions/net/lib.rs
+++ b/extensions/net/lib.rs
@ -94,16 +94,16 @@ pub struct DefaultTlsOptions {
  pub root_cert_store: Option<RootCertStore>,
 }
-/// `UnsafelyTreatInsecureOriginAsSecure` is a wrapper struct so it can be placed inside `GothamState`;
+/// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
 /// using type alias for a `Option<Vec<String>>` could work, but there's a high chance
 /// that there might be another type alias pointing to a `Option<Vec<String>>`, which
 /// would override previously used alias.
-pub struct UnsafelyTreatInsecureOriginAsSecure(Option<Vec<String>>);
+pub struct UnsafelyIgnoreCertificateErrors(Option<Vec<String>>);
 pub fn init<P: NetPermissions + 'static>(
  root_cert_store: Option<RootCertStore>,
  unstable: bool,
-  unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  unsafely_ignore_certificate_errors: Option<Vec<String>>,
 ) -> Extension {
  let mut ops_to_register = vec![];
  ops_to_register.extend(io::init());
@ -122,8 +122,8 @@ pub fn init<P: NetPermissions + 'static>(
        root_cert_store: root_cert_store.clone(),
      });
      state.put(UnstableChecker { unstable });
-      state.put(UnsafelyTreatInsecureOriginAsSecure(
+      state.put(UnsafelyIgnoreCertificateErrors(
-        unsafely_treat_insecure_origin_as_secure.clone(),
+        unsafely_ignore_certificate_errors.clone(),
      ));
      Ok(())
    })
--- a/extensions/net/ops_tls.rs
+++ b/extensions/net/ops_tls.rs
@ -9,7 +9,7 @@ use crate::resolve_addr::resolve_addr;
 use crate::resolve_addr::resolve_addr_sync;
 use crate::DefaultTlsOptions;
 use crate::NetPermissions;
-use crate::UnsafelyTreatInsecureOriginAsSecure;
+use crate::UnsafelyIgnoreCertificateErrors;
 use deno_core::error::bad_resource;
 use deno_core::error::bad_resource_id;
 use deno_core::error::custom_error;
@ -761,9 +761,9 @@ where
  };
  let port = args.port;
  let cert_file = args.cert_file.as_deref();
-  let unsafely_treat_insecure_origin_as_secure = state
+  let unsafely_ignore_certificate_errors = state
    .borrow()
-    .borrow::<UnsafelyTreatInsecureOriginAsSecure>()
+    .borrow::<UnsafelyIgnoreCertificateErrors>()
    .0
    .clone();
@ -810,7 +810,7 @@ where
  let mut tls_config = create_client_config(
    root_cert_store,
    ca_data,
-    unsafely_treat_insecure_origin_as_secure,
+    unsafely_ignore_certificate_errors,
  )?;
  if args.cert_chain.is_some() || args.private_key.is_some() {
--- a/extensions/tls/lib.rs
+++ b/extensions/tls/lib.rs
@ -125,7 +125,7 @@ pub fn create_default_root_cert_store() -> RootCertStore {
 pub fn create_client_config(
  root_cert_store: Option<RootCertStore>,
  ca_data: Option<Vec<u8>>,
-  unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  unsafely_ignore_certificate_errors: Option<Vec<String>>,
 ) -> Result<ClientConfig, AnyError> {
  let mut tls_config = ClientConfig::new();
  tls_config.set_persistence(CLIENT_SESSION_MEMORY_CACHE.clone());
@ -141,7 +141,7 @@ pub fn create_client_config(
    }
  }
-  if let Some(ic_allowlist) = unsafely_treat_insecure_origin_as_secure {
+  if let Some(ic_allowlist) = unsafely_ignore_certificate_errors {
    tls_config.dangerous().set_certificate_verifier(Arc::new(
      NoCertificateVerification(ic_allowlist),
    ));
@ -157,12 +157,12 @@ pub fn create_http_client(
  root_cert_store: Option<RootCertStore>,
  ca_data: Option<Vec<u8>>,
  proxy: Option<Proxy>,
-  unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  unsafely_ignore_certificate_errors: Option<Vec<String>>,
 ) -> Result<Client, AnyError> {
  let tls_config = create_client_config(
    root_cert_store,
    ca_data,
-    unsafely_treat_insecure_origin_as_secure,
+    unsafely_ignore_certificate_errors,
  )?;
  let mut headers = HeaderMap::new();
  headers.insert(USER_AGENT, user_agent.parse().unwrap());
--- a/extensions/websocket/lib.rs
+++ b/extensions/websocket/lib.rs
@ -54,11 +54,11 @@ pub trait WebSocketPermissions {
  fn check_net_url(&mut self, _url: &url::Url) -> Result<(), AnyError>;
 }
-/// `UnsafelyTreatInsecureOriginAsSecure` is a wrapper struct so it can be placed inside `GothamState`;
+/// `UnsafelyIgnoreCertificateErrors` is a wrapper struct so it can be placed inside `GothamState`;
 /// using type alias for a `Option<Vec<String>>` could work, but there's a high chance
 /// that there might be another type alias pointing to a `Option<Vec<String>>`, which
 /// would override previously used alias.
-pub struct UnsafelyTreatInsecureOriginAsSecure(Option<Vec<String>>);
+pub struct UnsafelyIgnoreCertificateErrors(Option<Vec<String>>);
 /// For use with `op_websocket_*` when the user does not want permissions.
 pub struct NoWebSocketPermissions;
@ -223,9 +223,9 @@ where
      );
  }
-  let unsafely_treat_insecure_origin_as_secure = state
+  let unsafely_ignore_certificate_errors = state
    .borrow()
-    .borrow::<UnsafelyTreatInsecureOriginAsSecure>()
+    .borrow::<UnsafelyIgnoreCertificateErrors>()
    .0
    .clone();
  let root_cert_store = state.borrow().borrow::<WsRootStore>().0.clone();
@ -255,7 +255,7 @@ where
      let tls_config = create_client_config(
        root_cert_store,
        None,
-        unsafely_treat_insecure_origin_as_secure,
+        unsafely_ignore_certificate_errors,
      )?;
      let tls_connector = TlsConnector::from(Arc::new(tls_config));
      let dnsname = DNSNameRef::try_from_ascii_str(domain)
@ -430,7 +430,7 @@ pub async fn op_ws_next_event(
 pub fn init<P: WebSocketPermissions + 'static>(
  user_agent: String,
  root_cert_store: Option<RootCertStore>,
-  unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  unsafely_ignore_certificate_errors: Option<Vec<String>>,
 ) -> Extension {
  Extension::builder()
    .js(include_js_files!(
@ -450,8 +450,8 @@ pub fn init<P: WebSocketPermissions + 'static>(
    ])
    .state(move |state| {
      state.put::<WsUserAgent>(WsUserAgent(user_agent.clone()));
-      state.put(UnsafelyTreatInsecureOriginAsSecure(
+      state.put(UnsafelyIgnoreCertificateErrors(
-        unsafely_treat_insecure_origin_as_secure.clone(),
+        unsafely_ignore_certificate_errors.clone(),
      ));
      state.put::<WsRootStore>(WsRootStore(root_cert_store.clone()));
      Ok(())
--- a/runtime/examples/hello_runtime.rs
+++ b/runtime/examples/hello_runtime.rs
@ -27,7 +27,7 @@ async fn main() -> Result<(), AnyError> {
    args: vec![],
    debug_flag: false,
    unstable: false,
-    unsafely_treat_insecure_origin_as_secure: None,
+    unsafely_ignore_certificate_errors: None,
    root_cert_store: None,
    user_agent: "hello_runtime".to_string(),
    seed: None,
--- a/runtime/web_worker.rs
+++ b/runtime/web_worker.rs
@ -253,7 +253,7 @@ pub struct WebWorkerOptions {
  pub args: Vec<String>,
  pub debug_flag: bool,
  pub unstable: bool,
-  pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
  pub root_cert_store: Option<RootCertStore>,
  pub user_agent: String,
  pub seed: Option<u64>,
@ -305,12 +305,12 @@ impl WebWorker {
        options.root_cert_store.clone(),
        None,
        None,
-        options.unsafely_treat_insecure_origin_as_secure.clone(),
+        options.unsafely_ignore_certificate_errors.clone(),
      ),
      deno_websocket::init::<Permissions>(
        options.user_agent.clone(),
        options.root_cert_store.clone(),
-        options.unsafely_treat_insecure_origin_as_secure.clone(),
+        options.unsafely_ignore_certificate_errors.clone(),
      ),
      deno_broadcast_channel::init(
        options.broadcast_channel.clone(),
@ -344,7 +344,7 @@ impl WebWorker {
        deno_net::init::<Permissions>(
          options.root_cert_store.clone(),
          options.unstable,
-          options.unsafely_treat_insecure_origin_as_secure.clone(),
+          options.unsafely_ignore_certificate_errors.clone(),
        ),
        ops::os::init(),
        ops::permissions::init(),
--- a/runtime/worker.rs
+++ b/runtime/worker.rs
@ -50,7 +50,7 @@ pub struct WorkerOptions {
  pub args: Vec<String>,
  pub debug_flag: bool,
  pub unstable: bool,
-  pub unsafely_treat_insecure_origin_as_secure: Option<Vec<String>>,
+  pub unsafely_ignore_certificate_errors: Option<Vec<String>>,
  pub root_cert_store: Option<RootCertStore>,
  pub user_agent: String,
  pub seed: Option<u64>,
@ -104,12 +104,12 @@ impl MainWorker {
        options.root_cert_store.clone(),
        None,
        None,
-        options.unsafely_treat_insecure_origin_as_secure.clone(),
+        options.unsafely_ignore_certificate_errors.clone(),
      ),
      deno_websocket::init::<Permissions>(
        options.user_agent.clone(),
        options.root_cert_store.clone(),
-        options.unsafely_treat_insecure_origin_as_secure.clone(),
+        options.unsafely_ignore_certificate_errors.clone(),
      ),
      deno_webstorage::init(options.origin_storage_dir.clone()),
      deno_crypto::init(options.seed),
@ -134,7 +134,7 @@ impl MainWorker {
      deno_net::init::<Permissions>(
        options.root_cert_store.clone(),
        options.unstable,
-        options.unsafely_treat_insecure_origin_as_secure.clone(),
+        options.unsafely_ignore_certificate_errors.clone(),
      ),
      ops::os::init(),
      ops::permissions::init(),
@ -304,7 +304,7 @@ mod tests {
      args: vec![],
      debug_flag: false,
      unstable: false,
-      unsafely_treat_insecure_origin_as_secure: None,
+      unsafely_ignore_certificate_errors: None,
      root_cert_store: None,
      seed: None,
      js_error_create_fn: None,
`@ -1,2 +1,2 @@`
	`DANGER: SSL ceritificate validation is disabled for all domains`	`DANGER: TLS ceritificate validation is disabled for all hostnames`
	`Hello`	`Hello`