CLI does not work with Firefox: "Error: InsecureCertificateError"

[shsatovg]

Product: cli

Expectation: In the environment that requires a certificate under the proxy, cli can work with Firefox.

Actual: In the environment that requires a certificate under the proxy, cli get an error "Error: InsecureCertificateError" with Firefox.

detail If I run @axe-core/cli with --browser firefox, --show-errors in an environment that requires a certificate under a proxy, I get the following error. (No error is output when using Chrome and Edge.)

Error: InsecureCertificateError
    at Object.throwDecodedError (C:\Users\user\AppData\Roaming\npm\node_modules\@axe-core\cli\node_modules\selenium-webdriver\lib\error.js:522:15)
    at parseHttpResponse (C:\Users\user\AppData\Roaming\npm\node_modules\@axe-core\cli\node_modules\selenium-webdriver\lib\http.js:549:13)
    at Executor.execute (C:\Users\user\AppData\Roaming\npm\node_modules\@axe-core\cli\node_modules\selenium-webdriver\lib\http.js:475:28)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async Driver.execute (C:\Users\user\AppData\Roaming\npm\node_modules\@axe-core\cli\node_modules\selenium-webdriver\lib\webdriver.js:735:17) {
  remoteStacktrace: 'WebDriverError@chrome://remote/content/shared/webdriver/Errors.jsm:186:5\n' +
    'InsecureCertificateError@chrome://remote/content/shared/webdriver/Errors.jsm:307:5\n' +
    'checkReadyState@chrome://remote/content/marionette/navigate.js:62:24\n' +
    'onNavigation@chrome://remote/content/marionette/navigate.js:333:39\n' +
    'emit@resource://gre/modules/EventEmitter.jsm:160:20\n' +
    'receiveMessage@chrome://remote/content/marionette/actors/MarionetteEventsParent.jsm:44:25\n'
}

Motivation: Because I need to evaluate web pages by @axe-core/cli using Firefox in an environment that requires certificates under proxy.

axe-core version: 4.4.3
@axe-core/cli: 4.4.3

- Node version: v16.13.1
- Platform: Windows 10 Pro 21H2 , Firefox

Assumption of cause : Unlike Chrome and Edge, Firefox references its own configuration file for certificates. The current cli does not seem to have a mechanism to reference that configuration file. https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data

How to fix : This error was resolved by changing the code in @axe-core/cli to use the Firefox profile (cert9.db). We tried the following in the environment at hand and confirmed that it works properly.

1. Import the certificate in the Firefox browser.
2. Store Firefox profile (cert9.db) in an arbitrary folder (e.g. C:/work/profile).
3. add the following to https://github.com/dequelabs/axe-core-npm/blob/develop/packages/cli/src/lib/webdriver.ts

・L3:

import * as chromedriver from 'chromedriver';
import { Builder, Capabilities, WebDriver } from 'selenium-webdriver';
import * as chrome from 'selenium-webdriver/chrome';
+ import * as firefox from 'selenium-webdriver/firefox';
import { WebdriverConfigParams } from '../types';

・L27:

  } else {
    builder = new Builder().forBrowser(config.browser);
+    if (config.browser === 'firefox') {
+    const options = new firefox.Options();
+    options.setProfile('C:/work/profile');
+    builder.setFirefoxOptions(options);
   }

https://www.selenium.dev/documentation/webdriver/capabilities/firefox/

[padmavemulapati]

Validated with @axe-core/cli": "^4.4.4-alpha.299, I didn't see any such certificate issue when I ran axe www.deque.com --browser firefox --show errors, Install our canary version using the command npm install @axe-core/cli@next, Please let us know if you are still seeing

[shsatovg]

Thank you for your confirmation and comments. I have installed the canary version (4.4.4-alpha.299+598ab44). However, the same error was output.

Unlike Chrome and Edge, Firefox references its own configuration file for certificates. The current cli does not seem to have a mechanism to reference that configuration file. https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data