Bypassing a Chrome Security Warning From the DevTools Console

If you do any local development against HTTPS you’ll eventually hit Chrome’s NET::ERR_CERT_AUTHORITY_INVALID interstitial - the full-page “Your connection is not private” warning. Usually there’s an “Advanced” link that lets you proceed anyway, but on certain certificate errors (HSTS, some ERR_CERT_* variants) that link is missing entirely, leaving you with no obvious way through.

The well-known trick is to click anywhere on the page and type thisisunsafe. That still works, but it turns out you can call the exact command that typing the phrase triggers directly from the DevTools console.

The command

Open DevTools on the interstitial page and run:

sendCommand(SecurityInterstitialCommandId.CMD_PROCEED)

Chrome reloads and takes you through to the site. The interstitial is an internal Chrome page that exposes a sendCommand function and a SecurityInterstitialCommandId enum, and CMD_PROCEED is the same code path the thisisunsafe shortcut fires.

CMD_PROCEED resolves to 1, so if the enum isn’t in scope for some reason you can fall back to:

sendCommand(1)

When to reach for it

This is for development against your own dev servers and self-signed certificates - the kind of cert warning you’ve already decided is safe to ignore. It’s handy when the thisisunsafe typing trick feels flaky, or when you want something you can script against a known internal page.

Obvious caveat - never do this to get past a certificate warning on a site you don’t control. The warning exists for a reason and bypassing it on a real site defeats the point. For local work though, it saves a fair bit of friction.

With a bit of luck I’ve saved you some debugging the next time Chrome refuses to let you near your dev environment.