An additional issue that’s related to the implementation of the whitelist for invalid certificates that have been overridden for the duration of the session: the whitelist is stored on the webview, so if I open a URL for which the certificate has been previously whitelisted in a new tab, I will get the security warning page again. The whitelist should be stored on the browser object instead, so that all webviews share it for the duration of the session.
An additional issue that’s related to the implementation of the whitelist for invalid certificates that have been overridden for the duration of the session: the whitelist is stored on the webview, so if I open a URL for which the certificate has been previously whitelisted in a new tab, I will get the security warning page again. The whitelist should be stored on the browser object instead, so that all webviews share it for the duration of the session.