url -> origin

This commit is contained in:
Max Schmitt 2024-07-23 20:22:57 +02:00
parent 358b10addf
commit 172baf90ec
13 changed files with 60 additions and 60 deletions

View file

@ -523,7 +523,7 @@ Does not enforce fixed viewport, allows resizing window in the headed mode.
## context-option-clientCertificates
- `clientCertificates` <[Array]<[Object]>>
- `url` <[string]> Glob pattern to match the URLs that the certificate is valid for.
- `origin` <[string]> Glob pattern to match against the request origin that the certificate is valid for.
- `certPath` ?<[string]> Path to the file with the certificate in PEM format.
- `keyPath` ?<[string]> Path to the file with the private key in PEM format.
- `pfxPath` ?<[string]> Path to the PFX or PKCS12 encoded private key and certificate chain.
@ -533,7 +533,7 @@ TLS Client Authentication allows the server to request a client certificate and
**Details**
An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided with a glob pattern to match the URLs that the certificate is valid for.
An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be provided with a glob pattern to match the origins that the certificate is valid for.
:::note
Using Client Certificates in combination with Proxy Servers is not supported.

View file

@ -150,7 +150,7 @@ import { defineConfig } from '@playwright/test';
export default defineConfig({
use: {
clientCertificates: [{
url: 'https://example.com',
origin: 'https://example.com',
certPath: './cert.pem',
keyPath: './key.pem',
passphrase: 'mysecretpassword',

View file

@ -555,7 +555,7 @@ export async function toClientCertificatesProtocol(certs?: BrowserContextOptions
return undefined;
return await Promise.all(certs.map(async cert => {
return {
url: cert.url,
origin: cert.origin,
cert: cert.certPath ? await fs.promises.readFile(cert.certPath) : undefined,
key: cert.keyPath ? await fs.promises.readFile(cert.keyPath) : undefined,
pfx: cert.pfxPath ? await fs.promises.readFile(cert.pfxPath) : undefined,

View file

@ -48,7 +48,7 @@ export type LifecycleEvent = channels.LifecycleEvent;
export const kLifecycleEvents: Set<LifecycleEvent> = new Set(['load', 'domcontentloaded', 'networkidle', 'commit']);
export type ClientCertificate = {
url: string;
origin: string;
certPath?: string;
keyPath?: string;
pfxPath?: string;

View file

@ -337,7 +337,7 @@ scheme.PlaywrightNewRequestParams = tObject({
ignoreHTTPSErrors: tOptional(tBoolean),
extraHTTPHeaders: tOptional(tArray(tType('NameValue'))),
clientCertificates: tOptional(tArray(tObject({
url: tString,
origin: tString,
cert: tOptional(tBinary),
key: tOptional(tBinary),
passphrase: tOptional(tString),
@ -545,7 +545,7 @@ scheme.BrowserTypeLaunchPersistentContextParams = tObject({
})),
ignoreHTTPSErrors: tOptional(tBoolean),
clientCertificates: tOptional(tArray(tObject({
url: tString,
origin: tString,
cert: tOptional(tBinary),
key: tOptional(tBinary),
passphrase: tOptional(tString),
@ -631,7 +631,7 @@ scheme.BrowserNewContextParams = tObject({
})),
ignoreHTTPSErrors: tOptional(tBoolean),
clientCertificates: tOptional(tArray(tObject({
url: tString,
origin: tString,
cert: tOptional(tBinary),
key: tOptional(tBinary),
passphrase: tOptional(tString),
@ -700,7 +700,7 @@ scheme.BrowserNewContextForReuseParams = tObject({
})),
ignoreHTTPSErrors: tOptional(tBoolean),
clientCertificates: tOptional(tArray(tObject({
url: tString,
origin: tString,
cert: tOptional(tBinary),
key: tOptional(tBinary),
passphrase: tOptional(tString),
@ -2518,7 +2518,7 @@ scheme.AndroidDeviceLaunchBrowserParams = tObject({
})),
ignoreHTTPSErrors: tOptional(tBoolean),
clientCertificates: tOptional(tArray(tObject({
url: tString,
origin: tString,
cert: tOptional(tBinary),
key: tOptional(tBinary),
passphrase: tOptional(tString),

View file

@ -726,8 +726,8 @@ export function verifyClientCertificates(clientCertificates?: channels.BrowserNe
if (!clientCertificates)
return;
for (const cert of clientCertificates) {
if (!cert.url)
throw new Error(`clientCertificates.url is required`);
if (!cert.origin)
throw new Error(`clientCertificates.origin is required`);
if (!cert.cert && !cert.key && !cert.passphrase && !cert.pfx)
throw new Error('None of cert, key, passphrase or pfx is specified');
if (cert.cert && !cert.key)

View file

@ -193,7 +193,7 @@ export abstract class APIRequestContext extends SdkObject {
maxRedirects: params.maxRedirects === 0 ? -1 : params.maxRedirects === undefined ? 20 : params.maxRedirects,
timeout,
deadline,
...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.toString()),
...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.origin),
__testHookLookup: (params as any).__testHookLookup,
};
if (process.env.PWTEST_UNSUPPORTED_CUSTOM_CA && isUnderTest())
@ -357,7 +357,7 @@ export abstract class APIRequestContext extends SdkObject {
maxRedirects: options.maxRedirects - 1,
timeout: options.timeout,
deadline: options.deadline,
...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, url.toString()),
...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, url.origin),
__testHookLookup: options.__testHookLookup,
};
// rejectUnauthorized = undefined is treated as true in node 12.

View file

@ -97,7 +97,7 @@ class SocksProxyConnection {
host: this.host,
port: this.port,
rejectUnauthorized: !this.socksProxy.ignoreHTTPSErrors,
...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}/`),
...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}`),
};
if (!net.isIP(this.host))
tlsOptions.servername = this.host;
@ -183,7 +183,7 @@ export function clientCertificatesToTLSOptions(
const matchingCerts = clientCertificates?.filter(c => {
let regex: RegExp | undefined = (c as any)[kClientCertificatesGlobRegex];
if (!regex) {
regex = globToRegex(c.url);
regex = globToRegex(c.origin);
(c as any)[kClientCertificatesGlobRegex] = regex;
}
regex.lastIndex = 0;

View file

@ -13172,8 +13172,8 @@ export interface BrowserType<Unused = {}> {
*
* An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
* single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
* certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
* with a glob pattern to match the URLs that the certificate is valid for.
* certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
* provided with a glob pattern to match the origins that the certificate is valid for.
*
* **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
*
@ -13182,9 +13182,9 @@ export interface BrowserType<Unused = {}> {
*/
clientCertificates?: Array<{
/**
* Glob pattern to match the URLs that the certificate is valid for.
* Glob pattern to match against the request origin that the certificate is valid for.
*/
url: string;
origin: string;
/**
* Path to the file with the certificate in PEM format.
@ -15583,8 +15583,8 @@ export interface APIRequest {
*
* An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
* single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
* certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
* with a glob pattern to match the URLs that the certificate is valid for.
* certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
* provided with a glob pattern to match the origins that the certificate is valid for.
*
* **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
*
@ -15593,9 +15593,9 @@ export interface APIRequest {
*/
clientCertificates?: Array<{
/**
* Glob pattern to match the URLs that the certificate is valid for.
* Glob pattern to match against the request origin that the certificate is valid for.
*/
url: string;
origin: string;
/**
* Path to the file with the certificate in PEM format.
@ -16776,8 +16776,8 @@ export interface Browser extends EventEmitter {
*
* An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
* single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
* certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
* with a glob pattern to match the URLs that the certificate is valid for.
* certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
* provided with a glob pattern to match the origins that the certificate is valid for.
*
* **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
*
@ -16786,9 +16786,9 @@ export interface Browser extends EventEmitter {
*/
clientCertificates?: Array<{
/**
* Glob pattern to match the URLs that the certificate is valid for.
* Glob pattern to match against the request origin that the certificate is valid for.
*/
url: string;
origin: string;
/**
* Path to the file with the certificate in PEM format.
@ -20226,8 +20226,8 @@ export interface BrowserContextOptions {
*
* An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
* single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
* certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
* with a glob pattern to match the URLs that the certificate is valid for.
* certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
* provided with a glob pattern to match the origins that the certificate is valid for.
*
* **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
*
@ -20236,9 +20236,9 @@ export interface BrowserContextOptions {
*/
clientCertificates?: Array<{
/**
* Glob pattern to match the URLs that the certificate is valid for.
* Glob pattern to match against the request origin that the certificate is valid for.
*/
url: string;
origin: string;
/**
* Path to the file with the certificate in PEM format.

View file

@ -5208,8 +5208,8 @@ export interface PlaywrightTestOptions {
*
* An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
* single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
* certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
* with a glob pattern to match the URLs that the certificate is valid for.
* certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
* provided with a glob pattern to match the origins that the certificate is valid for.
*
* **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
*
@ -5225,7 +5225,7 @@ export interface PlaywrightTestOptions {
* export default defineConfig({
* use: {
* clientCertificates: [{
* url: 'https://example.com',
* origin: 'https://example.com',
* certPath: './cert.pem',
* keyPath: './key.pem',
* passphrase: 'mysecretpassword',

View file

@ -582,7 +582,7 @@ export type PlaywrightNewRequestParams = {
ignoreHTTPSErrors?: boolean,
extraHTTPHeaders?: NameValue[],
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -613,7 +613,7 @@ export type PlaywrightNewRequestOptions = {
ignoreHTTPSErrors?: boolean,
extraHTTPHeaders?: NameValue[],
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -964,7 +964,7 @@ export type BrowserTypeLaunchPersistentContextParams = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -1044,7 +1044,7 @@ export type BrowserTypeLaunchPersistentContextOptions = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -1159,7 +1159,7 @@ export type BrowserNewContextParams = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -1225,7 +1225,7 @@ export type BrowserNewContextOptions = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -1294,7 +1294,7 @@ export type BrowserNewContextForReuseParams = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -1360,7 +1360,7 @@ export type BrowserNewContextForReuseOptions = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -4566,7 +4566,7 @@ export type AndroidDeviceLaunchBrowserParams = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,
@ -4630,7 +4630,7 @@ export type AndroidDeviceLaunchBrowserOptions = {
},
ignoreHTTPSErrors?: boolean,
clientCertificates?: {
url: string,
origin: string,
cert?: Binary,
key?: Binary,
passphrase?: string,

View file

@ -445,7 +445,7 @@ ContextOptions:
items:
type: object
properties:
url: string
origin: string
cert: binary?
key: binary?
passphrase: string?
@ -695,7 +695,7 @@ Playwright:
items:
type: object
properties:
url: string
origin: string
cert: binary?
key: binary?
passphrase: string?

View file

@ -79,10 +79,10 @@ test.skip(({ mode }) => mode !== 'default');
const kDummyFileName = __filename;
const kValidationSubTests: [BrowserContextOptions, string][] = [
[{ clientCertificates: [{ url: 'test' }] }, 'None of cert, key, passphrase or pfx is specified'],
[{ clientCertificates: [{ origin: 'test' }] }, 'None of cert, key, passphrase or pfx is specified'],
[{
clientCertificates: [{
url: 'test',
origin: 'test',
certPath: kDummyFileName,
keyPath: kDummyFileName,
pfxPath: kDummyFileName,
@ -92,7 +92,7 @@ const kValidationSubTests: [BrowserContextOptions, string][] = [
[{
proxy: { server: 'http://localhost:8080' },
clientCertificates: [{
url: 'test',
origin: 'test',
certPath: kDummyFileName,
keyPath: kDummyFileName,
}]
@ -117,7 +117,7 @@ test.describe('fetch', () => {
test('should keep supporting http', async ({ playwright, server, asset }) => {
const request = await playwright.request.newContext({
clientCertificates: [{
url: server.PREFIX,
origin: new URL(server.PREFIX).origin,
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],
@ -133,7 +133,7 @@ test.describe('fetch', () => {
const serverURL = await startCCServer();
const request = await playwright.request.newContext({
clientCertificates: [{
url: serverURL,
origin: new URL(serverURL).origin,
certPath: asset('client-certificates/client/self-signed/cert.pem'),
keyPath: asset('client-certificates/client/self-signed/key.pem'),
}],
@ -149,7 +149,7 @@ test.describe('fetch', () => {
const serverURL = await startCCServer();
const request = await playwright.request.newContext({
clientCertificates: [{
url: serverURL,
origin: new URL(serverURL).origin,
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],
@ -165,7 +165,7 @@ test.describe('fetch', () => {
const serverURL = await startCCServer();
const request = await playwright.request.newContext({
clientCertificates: [{
url: serverURL,
origin: new URL(serverURL).origin,
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],
@ -192,7 +192,7 @@ test.describe('browser', () => {
test('should keep supporting http', async ({ browser, server, asset }) => {
const page = await browser.newPage({
clientCertificates: [{
url: server.PREFIX,
origin: new URL(server.PREFIX).origin,
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],
@ -207,7 +207,7 @@ test.describe('browser', () => {
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
const page = await browser.newPage({
clientCertificates: [{
url: 'https://not-matching.com',
origin: 'https://not-matching.com',
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],
@ -221,7 +221,7 @@ test.describe('browser', () => {
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
const page = await browser.newPage({
clientCertificates: [{
url: serverURL,
origin: new URL(serverURL).origin,
certPath: asset('client-certificates/client/self-signed/cert.pem'),
keyPath: asset('client-certificates/client/self-signed/key.pem'),
}],
@ -235,7 +235,7 @@ test.describe('browser', () => {
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
const page = await browser.newPage({
clientCertificates: [{
url: serverURL,
origin: new URL(serverURL).origin,
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],
@ -248,7 +248,7 @@ test.describe('browser', () => {
test('should have ignoreHTTPSErrors=false by default', async ({ browser, httpsServer, asset, browserName, platform }) => {
const page = await browser.newPage({
clientCertificates: [{
url: 'https://just-there-that-the-client-certificates-proxy-server-is-getting-launched.com',
origin: 'https://just-there-that-the-client-certificates-proxy-server-is-getting-launched.com',
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],
@ -269,7 +269,7 @@ test.describe('browser', () => {
const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
const { page } = await launchPersistent({
clientCertificates: [{
url: serverURL,
origin: new URL(serverURL).origin,
certPath: asset('client-certificates/client/trusted/cert.pem'),
keyPath: asset('client-certificates/client/trusted/key.pem'),
}],