bjowes / cypress-ntlm-auth

Windows authentication plugin for Cypress
MIT License

cypress.ntlm - cy.visit() - Not secure #196

Closed Rashminair88 closed 2 years ago

Rashminair88 commented 2 years ago

Hello,

I am trying to access an intranet application through cypress.ntlm. I am able to log in but the page rendering is weird. Manually I am able to access the page. On the header it shows "Not secure" while running the automation.

Thanks,

bjowes commented 2 years ago

Hi @Rashminair88

This behavior is built into cypress itself. To perform some of its features, cypress must decrypt all HTTPS traffic internally. Then it serves the site to the browser with a self-generated certificate. With electron browser, you won't see this, but with Chrome a warning will be displayed that the connection is insecure. If you drill into that message, you can see that the certificate could not be verified. And if you look into the certificate details, you will see it was issued by CypressProxyCA.

You can try writing a test case against https://google.com for instance. Even without the plugin you will see the same warning in Chrome due to the HTTPS connection.

You mention that the rendering is weird - is there anything else that is weird except for the "Not secure" message?

Rashminair88 commented 2 years ago

Hello,

Thanks for the reply. It's an intranet site. When trying to open it up manually it opens up perfectly. But when I use NTLM I see all the HTML messed up, without any CSS etc. It is displayed as plain text with a white background.

Also even though I logged into the site. I can see the error "Failed to load resource: the server responded with a status of 401 (Unauthorized)" in the console in the cypress runner.

Thanks,

bjowes commented 2 years ago

The most likely reason for this is that some resources for the page (CSS etc) cannot be loaded. This could be because they are stored on another site that also requires NTLM authentication. Open the dev tools and run the test - you should see some failed requests for CSS and potentially more. If the status code is 401 my theory is correct. Find out which hosts are serving those resources and add them to the cy.ntlm (or cy.ntlmSso) call.

Rashminair88 commented 2 years ago

Hello,

Yes I am seeing 401 unauthorized in the console like below. https:////styles/navigation.css?t=1645357018

I tried using cy.ntlm("https://", 'uname', 'password');

Still getting the same error. How will I find the hosts where the CSS is stored?

Thanks!

bjowes commented 2 years ago

That URL looks strange! Anyway, setting cy.ntlm("https://" won't work, it must be a hostname without protocol. If you click in the CSS request in dev tools, what does the "Request URL" say in the details view?

Something to test: cy.ntlm([""], 'uname', 'password'), this will attempt NTLM login on any request that requires it. If that works, it means cypress + the plugin are ok, you just need to figure out the proper hostname. It is possible to use this "wildcard" config, but it is discouraged since you shouldn't log in to random places - especially with NTLM. The idea of the wildcard config is more for cases like .my.intranet, so you don't need to add a long list of hosts.

Rashminair88 commented 2 years ago

Hello,

This is the screenshot of the runner

Thanks! Rashmi

bjowes commented 2 years ago

I see that you clicked on one of the failing requests, but I cannot see the contents of the details window from the screenshot. To dig a bit deeper, you could also activate the DEBUG logging (see the readme). It will write out in the logs all the hosts that are being accessed and if NTLM is applied to them or not. That should show you if something is missing. If the logs are puzzling you can post them here, but it is difficult to assist in this when all the hostnames are masked. If you would be ok with sharing the debug log in a non-public way, let me know and I'll set something up.

Rashminair88 commented 2 years ago

Hello,

Please find the attached screenshot

Thanks! Rashmi

bjowes commented 2 years ago

Sorry, but I can't get the info I need from that screenshot. See the example below, where the details of a request are shown, including the full URL.

[Screenshot: 2022-02-24 at 20:36:09, dev tools request details view showing the full Request URL]

Also, the CSS file you marked in your screenshot is a cypress CSS file. You need to activate developer tools and then rerun the test to see the requests performed to your site, and click the CSS loaded there.

As for your colleague's issue, I would guess this is a certificate validation issue, since your site uses https. A bit odd that you aren't getting the same, but maybe your setup is slightly different. See the section in the readme about it: https://github.com/bjowes/cypress-ntlm-auth#httpsssltls-issues

Rashminair88 commented 2 years ago

Hello,

I am not sure if this is helpful. But here is the screenshot

Thanks, Rashmi

bjowes commented 2 years ago

Bingo! If you look at the domain names of those two requests, you will see that they are slightly different. The first image shows a request to rhbeta.rockfin.com. The second image shows a request to rhbeta.rktfoc.com. Only the second of these two domains is registered in the cy.ntlm call, and that is the only successful one. If you change your cy.ntlm call to: cy.ntlm(['rhbeta.rockfin.com', 'rhbeta.rktfoc.com'], username, password) you should get through.

Hopefully that should be enough, but there may be additional resources loaded from other domains requiring NTLM authentication, so you may need to add additional domains to the cy.ntlm call. Just inspect the traffic and check the domains of all requests that are returning 401.
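As an added illustration of the advice in this thread (the "bare hostname, no protocol" rule, the discouraged "" wildcard and the .my.intranet suffix form, and the fix of listing every 401-returning host), here is a small audit script that is not part of cypress-ntlm-auth: it takes the host list you would pass to cy.ntlm() plus the request URLs seen in dev tools or the DEBUG log and reports which hosts are still missing. The matching rules are a simplified assumption based on this thread, not the plugin's own matcher, and the sample URLs are constructed.

```javascript
// Added example, not the plugin's code. Matching rules are an assumption drawn
// from this thread: exact hostname, a leading-dot suffix (".my.intranet"), or ""
// as the discouraged catch-all. Node's global URL class is used for parsing.

function hostMatches(hostname, pattern) {
  const host = hostname.toLowerCase();
  const pat = pattern.toLowerCase();
  if (pat === "") return true; // catch-all wildcard: logs in anywhere, discouraged
  if (pat.startsWith(".")) {
    // suffix form: "app.my.intranet" matches ".my.intranet", "my.intranet" does not
    return host.endsWith(pat) && host.length > pat.length;
  }
  return host === pat; // exact hostname
}

// cy.ntlm("https://...") does not work (see above): strip a protocol or path if
// one was pasted in by mistake so the pattern is a bare hostname.
function normalizeHostPattern(pattern) {
  return pattern.replace(/^[a-z]+:\/\//i, "").replace(/\/.*$/, "");
}

// Given configured hosts and observed request URLs, return which hostnames are
// covered and which would still get a 401 because no pattern matches them.
function auditRequests(ntlmHosts, requestUrls) {
  const patterns = ntlmHosts.map(normalizeHostPattern);
  const covered = new Set();
  const missing = new Set();
  for (const u of requestUrls) {
    const { hostname } = new URL(u);
    if (patterns.some((p) => hostMatches(hostname, p))) covered.add(hostname);
    else missing.add(hostname);
  }
  return { covered: [...covered].sort(), missingHosts: [...missing].sort() };
}

// Constructed sample modelled on the thread: one host configured, two in use.
const configuredHosts = ["rhbeta.rktfoc.com"];
const seenUrls = [
  "https://rhbeta.rktfoc.com/",
  "https://rhbeta.rockfin.com/styles/navigation.css?t=1645357018",
  "https://rhbeta.rockfin.com/scripts/app.js",
];
const report = auditRequests(configuredHosts, seenUrls);
console.log("Hosts still returning 401, add them to cy.ntlm:", report.missingHosts);
```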

Rashminair88 commented 2 years ago

Thank you so much, it resolved my issue. Appreciate your help.