[BUG] allow-insecure-localhost and unsafely-treat-insecure flags are not respected

shwarcu commented 12 months ago

System info

Playwright Version: 1.38.0
Operating System: macOS Sonoma 14.0
Browser: Chromium/Chrome
Other info:

Config file

import type { PlaywrightTestConfig } from '@playwright/test';
/**
 * See https://playwright.dev/docs/test-configuration.
 */
const config: PlaywrightTestConfig = {
  testDir: './integration-tests',
  expect: {
    timeout: 10000,
  },
  outputDir: 'test-results/',
  fullyParallel: true,
  workers: '30%',
  timeout: 35000,
  use: {
    ignoreHTTPSErrors: true,
    actionTimeout: 0,
    navigationTimeout: 0,
    trace: 'retain-on-failure',
    video: 'retain-on-failure',
    screenshot: 'only-on-failure',
    headless: true,
    baseURL: `https://localhost:3000/`,
    permissions: ['clipboard-read'],
  },
  projects: [
    {
      name: 'chromium',
      use: {
        browserName: 'chromium',
        ignoreHTTPSErrors: true,
        launchOptions: {
          args: ['--allow-insecure-localhost', '--unsafely-treat-insecure-origin-as-secure=https://localhost'],
        },

        viewport: {
          width: 1920,
          height: 1080,
        },
      },
    },
  ],
};

export default config;

[x] I provided exact source code that allows reproducing the issue locally.

Test file (self-contained)

it('test', async ({ page }) => {
  await page.setContent(`<input id='checkbox' type='checkbox'></input>`);
});

Steps

Run any test with this config
In browser window run by Playwright go to chrome://flags/#allow-insecure-localhost
Also check chrome://flags/#unsafely-treat-insecure-origin-as-secure

Expected

Allow invalid certificates for resources loaded from localhost. is ENABLED Insecure origins treated as secure is ENABLED

Actual

Allow invalid certificates for resources loaded from localhost. is DISABLED Insecure origins treated as secure is DISABLED

Additional context

I have local http2 server with self signed certificate. It is serving my app bundle. My dist folder also has MSW service worker which fails to register due to https issues. I am following official documentation from MSW https://mswjs.io/docs/recipes/using-local-https to allow insecure localhost. I followed https://playwright.dev/docs/api/class-browsertype#browser-type-launch in order to add launch args to chrome.

I can see that https://localhost is added to the unsafely-treat-insecure-origin-as-secure field but it's disabled, same as allow-insecure-localhost

Screenshot 2023-10-24 at 09 17 13

shwarcu commented 12 months ago

Update: I think this problem might be caused by https://bugs.chromium.org/p/chromium/issues/detail?id=1008772, it would be great if someone confirm

yury-s commented 12 months ago

Sounds like a Chromium issue which should be reporter at crbug.com (it may well be the same problem as you mentioned above). Does it work without Playwright?

I also see that allow-insecure-localhost flag is not longer on the chrome://flags page in Chromium shipped with Playwright 1.39 but was there in the previous release. It might also be the case that the flag only works in persistent context. What functionality is broken for you apart from the flag state in chrome:flags?

shwarcu commented 12 months ago

Does it work without Playwright?

it does work when I test it manually via flipping flag in chrome://flags, chrome accepts self-signed certificate on localhost and I can access my app

What functionality is broken for you apart from the flag state in chrome:flags?

Because insecure host is not fully allowed, during my Playwright test MSW cannot register its service worker due to SSL certificate error.

So I think there are 2 issues

allow-insecure-localhost is not working when passed in args in Playwright config
--allow-insecure-localhost is not bypassing cert errors for localhost over HTTPS when registering ServiceWorkers as described in chromium bug https://bugs.chromium.org/p/chromium/issues/detail?id=1008772

In general, what I'm trying to achieve is to host my app locally with Http 2.0 and run Playwright tests against it. My Playwright testing setup also involves MSW which needs this flag in order to register its service worker.

yury-s commented 11 months ago

As a workaround you can use page.route for the time being.

@mxschmitt was able to reproduce it, it's likely an upstream Chromium issue.

mxschmitt commented 11 months ago

New Upstream issue: https://bugs.chromium.org/p/chromium/issues/detail?id=1497682

shwarcu commented 11 months ago

As a workaround you can use page.route for the time being.

Not really possible for our use case as we use MSW + our custom mock for WebSocket + fake backend implementation to run app in isolation from any API dependencies ( afaik page.route wouldn't allow sharing logic and data between our Fake-Backend that runs in the browser). But I really appreciate all comments here, thanks a lot for helping with this case 🙇 I will follow upstream issue

pavelfeldman commented 6 months ago

Why was this issue closed?

Thank you for your contribution to our project. This issue has been closed due to its limited upvotes and recent activity, and insufficient feedback for us to effectively act upon. Our priority is to focus on bugs that reflect higher user engagement and have actionable feedback, to ensure our bug database stays manageable.

Should you feel this closure was in error, please create a new issue and reference this one. We're open to revisiting it given increased support or additional clarity. Your understanding and cooperation are greatly appreciated.

microsoft / playwright