From 172baf90ec7f342c9866f31d844fe84cd5becb09 Mon Sep 17 00:00:00 2001 From: Max Schmitt Date: Tue, 23 Jul 2024 20:22:57 +0200 Subject: [PATCH] url -> origin --- docs/src/api/params.md | 4 +-- docs/src/test-api/class-testoptions.md | 2 +- .../src/client/browserContext.ts | 2 +- packages/playwright-core/src/client/types.ts | 2 +- .../playwright-core/src/protocol/validator.ts | 10 +++--- .../src/server/browserContext.ts | 4 +-- packages/playwright-core/src/server/fetch.ts | 4 +-- .../socksClientCertificatesInterceptor.ts | 4 +-- packages/playwright-core/types/types.d.ts | 32 +++++++++---------- packages/playwright/types/test.d.ts | 6 ++-- packages/protocol/src/channels.ts | 20 ++++++------ packages/protocol/src/protocol.yml | 4 +-- tests/library/client-certificates.spec.ts | 26 +++++++-------- 13 files changed, 60 insertions(+), 60 deletions(-) diff --git a/docs/src/api/params.md b/docs/src/api/params.md index 8aadbbe078..487270d79e 100644 --- a/docs/src/api/params.md +++ b/docs/src/api/params.md @@ -523,7 +523,7 @@ Does not enforce fixed viewport, allows resizing window in the headed mode. ## context-option-clientCertificates - `clientCertificates` <[Array]<[Object]>> - - `url` <[string]> Glob pattern to match the URLs that the certificate is valid for. + - `origin` <[string]> Glob pattern to match against the request origin that the certificate is valid for. - `certPath` ?<[string]> Path to the file with the certificate in PEM format. - `keyPath` ?<[string]> Path to the file with the private key in PEM format. - `pfxPath` ?<[string]> Path to the PFX or PKCS12 encoded private key and certificate chain. @@ -533,7 +533,7 @@ TLS Client Authentication allows the server to request a client certificate and **Details** -An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided with a glob pattern to match the URLs that the certificate is valid for. +An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be provided with a glob pattern to match the origins that the certificate is valid for. :::note Using Client Certificates in combination with Proxy Servers is not supported. diff --git a/docs/src/test-api/class-testoptions.md b/docs/src/test-api/class-testoptions.md index 67a6339d50..47bfd1f377 100644 --- a/docs/src/test-api/class-testoptions.md +++ b/docs/src/test-api/class-testoptions.md @@ -150,7 +150,7 @@ import { defineConfig } from '@playwright/test'; export default defineConfig({ use: { clientCertificates: [{ - url: 'https://example.com', + origin: 'https://example.com', certPath: './cert.pem', keyPath: './key.pem', passphrase: 'mysecretpassword', diff --git a/packages/playwright-core/src/client/browserContext.ts b/packages/playwright-core/src/client/browserContext.ts index 8a1cd7309d..3eb8214ca5 100644 --- a/packages/playwright-core/src/client/browserContext.ts +++ b/packages/playwright-core/src/client/browserContext.ts @@ -555,7 +555,7 @@ export async function toClientCertificatesProtocol(certs?: BrowserContextOptions return undefined; return await Promise.all(certs.map(async cert => { return { - url: cert.url, + origin: cert.origin, cert: cert.certPath ? await fs.promises.readFile(cert.certPath) : undefined, key: cert.keyPath ? await fs.promises.readFile(cert.keyPath) : undefined, pfx: cert.pfxPath ? await fs.promises.readFile(cert.pfxPath) : undefined, diff --git a/packages/playwright-core/src/client/types.ts b/packages/playwright-core/src/client/types.ts index 0e9b0e9a38..1eb28f38c9 100644 --- a/packages/playwright-core/src/client/types.ts +++ b/packages/playwright-core/src/client/types.ts @@ -48,7 +48,7 @@ export type LifecycleEvent = channels.LifecycleEvent; export const kLifecycleEvents: Set = new Set(['load', 'domcontentloaded', 'networkidle', 'commit']); export type ClientCertificate = { - url: string; + origin: string; certPath?: string; keyPath?: string; pfxPath?: string; diff --git a/packages/playwright-core/src/protocol/validator.ts b/packages/playwright-core/src/protocol/validator.ts index 42b5354e8f..81755c79bc 100644 --- a/packages/playwright-core/src/protocol/validator.ts +++ b/packages/playwright-core/src/protocol/validator.ts @@ -337,7 +337,7 @@ scheme.PlaywrightNewRequestParams = tObject({ ignoreHTTPSErrors: tOptional(tBoolean), extraHTTPHeaders: tOptional(tArray(tType('NameValue'))), clientCertificates: tOptional(tArray(tObject({ - url: tString, + origin: tString, cert: tOptional(tBinary), key: tOptional(tBinary), passphrase: tOptional(tString), @@ -545,7 +545,7 @@ scheme.BrowserTypeLaunchPersistentContextParams = tObject({ })), ignoreHTTPSErrors: tOptional(tBoolean), clientCertificates: tOptional(tArray(tObject({ - url: tString, + origin: tString, cert: tOptional(tBinary), key: tOptional(tBinary), passphrase: tOptional(tString), @@ -631,7 +631,7 @@ scheme.BrowserNewContextParams = tObject({ })), ignoreHTTPSErrors: tOptional(tBoolean), clientCertificates: tOptional(tArray(tObject({ - url: tString, + origin: tString, cert: tOptional(tBinary), key: tOptional(tBinary), passphrase: tOptional(tString), @@ -700,7 +700,7 @@ scheme.BrowserNewContextForReuseParams = tObject({ })), ignoreHTTPSErrors: tOptional(tBoolean), clientCertificates: tOptional(tArray(tObject({ - url: tString, + origin: tString, cert: tOptional(tBinary), key: tOptional(tBinary), passphrase: tOptional(tString), @@ -2518,7 +2518,7 @@ scheme.AndroidDeviceLaunchBrowserParams = tObject({ })), ignoreHTTPSErrors: tOptional(tBoolean), clientCertificates: tOptional(tArray(tObject({ - url: tString, + origin: tString, cert: tOptional(tBinary), key: tOptional(tBinary), passphrase: tOptional(tString), diff --git a/packages/playwright-core/src/server/browserContext.ts b/packages/playwright-core/src/server/browserContext.ts index 056bc9e1b4..da21dff708 100644 --- a/packages/playwright-core/src/server/browserContext.ts +++ b/packages/playwright-core/src/server/browserContext.ts @@ -726,8 +726,8 @@ export function verifyClientCertificates(clientCertificates?: channels.BrowserNe if (!clientCertificates) return; for (const cert of clientCertificates) { - if (!cert.url) - throw new Error(`clientCertificates.url is required`); + if (!cert.origin) + throw new Error(`clientCertificates.origin is required`); if (!cert.cert && !cert.key && !cert.passphrase && !cert.pfx) throw new Error('None of cert, key, passphrase or pfx is specified'); if (cert.cert && !cert.key) diff --git a/packages/playwright-core/src/server/fetch.ts b/packages/playwright-core/src/server/fetch.ts index 12c67624c8..7a184e78a8 100644 --- a/packages/playwright-core/src/server/fetch.ts +++ b/packages/playwright-core/src/server/fetch.ts @@ -193,7 +193,7 @@ export abstract class APIRequestContext extends SdkObject { maxRedirects: params.maxRedirects === 0 ? -1 : params.maxRedirects === undefined ? 20 : params.maxRedirects, timeout, deadline, - ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.toString()), + ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.origin), __testHookLookup: (params as any).__testHookLookup, }; if (process.env.PWTEST_UNSUPPORTED_CUSTOM_CA && isUnderTest()) @@ -357,7 +357,7 @@ export abstract class APIRequestContext extends SdkObject { maxRedirects: options.maxRedirects - 1, timeout: options.timeout, deadline: options.deadline, - ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, url.toString()), + ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, url.origin), __testHookLookup: options.__testHookLookup, }; // rejectUnauthorized = undefined is treated as true in node 12. diff --git a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts index 04770cd528..9591927c0a 100644 --- a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts +++ b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts @@ -97,7 +97,7 @@ class SocksProxyConnection { host: this.host, port: this.port, rejectUnauthorized: !this.socksProxy.ignoreHTTPSErrors, - ...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}/`), + ...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}`), }; if (!net.isIP(this.host)) tlsOptions.servername = this.host; @@ -183,7 +183,7 @@ export function clientCertificatesToTLSOptions( const matchingCerts = clientCertificates?.filter(c => { let regex: RegExp | undefined = (c as any)[kClientCertificatesGlobRegex]; if (!regex) { - regex = globToRegex(c.url); + regex = globToRegex(c.origin); (c as any)[kClientCertificatesGlobRegex] = regex; } regex.lastIndex = 0; diff --git a/packages/playwright-core/types/types.d.ts b/packages/playwright-core/types/types.d.ts index 0d38ca7c2b..d207756459 100644 --- a/packages/playwright-core/types/types.d.ts +++ b/packages/playwright-core/types/types.d.ts @@ -13172,8 +13172,8 @@ export interface BrowserType { * * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the - * certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided - * with a glob pattern to match the URLs that the certificate is valid for. + * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be + * provided with a glob pattern to match the origins that the certificate is valid for. * * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported. * @@ -13182,9 +13182,9 @@ export interface BrowserType { */ clientCertificates?: Array<{ /** - * Glob pattern to match the URLs that the certificate is valid for. + * Glob pattern to match against the request origin that the certificate is valid for. */ - url: string; + origin: string; /** * Path to the file with the certificate in PEM format. @@ -15583,8 +15583,8 @@ export interface APIRequest { * * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the - * certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided - * with a glob pattern to match the URLs that the certificate is valid for. + * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be + * provided with a glob pattern to match the origins that the certificate is valid for. * * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported. * @@ -15593,9 +15593,9 @@ export interface APIRequest { */ clientCertificates?: Array<{ /** - * Glob pattern to match the URLs that the certificate is valid for. + * Glob pattern to match against the request origin that the certificate is valid for. */ - url: string; + origin: string; /** * Path to the file with the certificate in PEM format. @@ -16776,8 +16776,8 @@ export interface Browser extends EventEmitter { * * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the - * certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided - * with a glob pattern to match the URLs that the certificate is valid for. + * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be + * provided with a glob pattern to match the origins that the certificate is valid for. * * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported. * @@ -16786,9 +16786,9 @@ export interface Browser extends EventEmitter { */ clientCertificates?: Array<{ /** - * Glob pattern to match the URLs that the certificate is valid for. + * Glob pattern to match against the request origin that the certificate is valid for. */ - url: string; + origin: string; /** * Path to the file with the certificate in PEM format. @@ -20226,8 +20226,8 @@ export interface BrowserContextOptions { * * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the - * certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided - * with a glob pattern to match the URLs that the certificate is valid for. + * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be + * provided with a glob pattern to match the origins that the certificate is valid for. * * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported. * @@ -20236,9 +20236,9 @@ export interface BrowserContextOptions { */ clientCertificates?: Array<{ /** - * Glob pattern to match the URLs that the certificate is valid for. + * Glob pattern to match against the request origin that the certificate is valid for. */ - url: string; + origin: string; /** * Path to the file with the certificate in PEM format. diff --git a/packages/playwright/types/test.d.ts b/packages/playwright/types/test.d.ts index e7cee67b65..f1f9ee32dd 100644 --- a/packages/playwright/types/test.d.ts +++ b/packages/playwright/types/test.d.ts @@ -5208,8 +5208,8 @@ export interface PlaywrightTestOptions { * * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the - * certficiate is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided - * with a glob pattern to match the URLs that the certificate is valid for. + * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be + * provided with a glob pattern to match the origins that the certificate is valid for. * * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported. * @@ -5225,7 +5225,7 @@ export interface PlaywrightTestOptions { * export default defineConfig({ * use: { * clientCertificates: [{ - * url: 'https://example.com', + * origin: 'https://example.com', * certPath: './cert.pem', * keyPath: './key.pem', * passphrase: 'mysecretpassword', diff --git a/packages/protocol/src/channels.ts b/packages/protocol/src/channels.ts index 00ce092d2c..f3e0a2c35a 100644 --- a/packages/protocol/src/channels.ts +++ b/packages/protocol/src/channels.ts @@ -582,7 +582,7 @@ export type PlaywrightNewRequestParams = { ignoreHTTPSErrors?: boolean, extraHTTPHeaders?: NameValue[], clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -613,7 +613,7 @@ export type PlaywrightNewRequestOptions = { ignoreHTTPSErrors?: boolean, extraHTTPHeaders?: NameValue[], clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -964,7 +964,7 @@ export type BrowserTypeLaunchPersistentContextParams = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -1044,7 +1044,7 @@ export type BrowserTypeLaunchPersistentContextOptions = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -1159,7 +1159,7 @@ export type BrowserNewContextParams = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -1225,7 +1225,7 @@ export type BrowserNewContextOptions = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -1294,7 +1294,7 @@ export type BrowserNewContextForReuseParams = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -1360,7 +1360,7 @@ export type BrowserNewContextForReuseOptions = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -4566,7 +4566,7 @@ export type AndroidDeviceLaunchBrowserParams = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, @@ -4630,7 +4630,7 @@ export type AndroidDeviceLaunchBrowserOptions = { }, ignoreHTTPSErrors?: boolean, clientCertificates?: { - url: string, + origin: string, cert?: Binary, key?: Binary, passphrase?: string, diff --git a/packages/protocol/src/protocol.yml b/packages/protocol/src/protocol.yml index 7e986cd96a..4c25212c57 100644 --- a/packages/protocol/src/protocol.yml +++ b/packages/protocol/src/protocol.yml @@ -445,7 +445,7 @@ ContextOptions: items: type: object properties: - url: string + origin: string cert: binary? key: binary? passphrase: string? @@ -695,7 +695,7 @@ Playwright: items: type: object properties: - url: string + origin: string cert: binary? key: binary? passphrase: string? diff --git a/tests/library/client-certificates.spec.ts b/tests/library/client-certificates.spec.ts index fff370b595..712929b96b 100644 --- a/tests/library/client-certificates.spec.ts +++ b/tests/library/client-certificates.spec.ts @@ -79,10 +79,10 @@ test.skip(({ mode }) => mode !== 'default'); const kDummyFileName = __filename; const kValidationSubTests: [BrowserContextOptions, string][] = [ - [{ clientCertificates: [{ url: 'test' }] }, 'None of cert, key, passphrase or pfx is specified'], + [{ clientCertificates: [{ origin: 'test' }] }, 'None of cert, key, passphrase or pfx is specified'], [{ clientCertificates: [{ - url: 'test', + origin: 'test', certPath: kDummyFileName, keyPath: kDummyFileName, pfxPath: kDummyFileName, @@ -92,7 +92,7 @@ const kValidationSubTests: [BrowserContextOptions, string][] = [ [{ proxy: { server: 'http://localhost:8080' }, clientCertificates: [{ - url: 'test', + origin: 'test', certPath: kDummyFileName, keyPath: kDummyFileName, }] @@ -117,7 +117,7 @@ test.describe('fetch', () => { test('should keep supporting http', async ({ playwright, server, asset }) => { const request = await playwright.request.newContext({ clientCertificates: [{ - url: server.PREFIX, + origin: new URL(server.PREFIX).origin, certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }], @@ -133,7 +133,7 @@ test.describe('fetch', () => { const serverURL = await startCCServer(); const request = await playwright.request.newContext({ clientCertificates: [{ - url: serverURL, + origin: new URL(serverURL).origin, certPath: asset('client-certificates/client/self-signed/cert.pem'), keyPath: asset('client-certificates/client/self-signed/key.pem'), }], @@ -149,7 +149,7 @@ test.describe('fetch', () => { const serverURL = await startCCServer(); const request = await playwright.request.newContext({ clientCertificates: [{ - url: serverURL, + origin: new URL(serverURL).origin, certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }], @@ -165,7 +165,7 @@ test.describe('fetch', () => { const serverURL = await startCCServer(); const request = await playwright.request.newContext({ clientCertificates: [{ - url: serverURL, + origin: new URL(serverURL).origin, certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }], @@ -192,7 +192,7 @@ test.describe('browser', () => { test('should keep supporting http', async ({ browser, server, asset }) => { const page = await browser.newPage({ clientCertificates: [{ - url: server.PREFIX, + origin: new URL(server.PREFIX).origin, certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }], @@ -207,7 +207,7 @@ test.describe('browser', () => { const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' }); const page = await browser.newPage({ clientCertificates: [{ - url: 'https://not-matching.com', + origin: 'https://not-matching.com', certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }], @@ -221,7 +221,7 @@ test.describe('browser', () => { const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' }); const page = await browser.newPage({ clientCertificates: [{ - url: serverURL, + origin: new URL(serverURL).origin, certPath: asset('client-certificates/client/self-signed/cert.pem'), keyPath: asset('client-certificates/client/self-signed/key.pem'), }], @@ -235,7 +235,7 @@ test.describe('browser', () => { const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' }); const page = await browser.newPage({ clientCertificates: [{ - url: serverURL, + origin: new URL(serverURL).origin, certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }], @@ -248,7 +248,7 @@ test.describe('browser', () => { test('should have ignoreHTTPSErrors=false by default', async ({ browser, httpsServer, asset, browserName, platform }) => { const page = await browser.newPage({ clientCertificates: [{ - url: 'https://just-there-that-the-client-certificates-proxy-server-is-getting-launched.com', + origin: 'https://just-there-that-the-client-certificates-proxy-server-is-getting-launched.com', certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }], @@ -269,7 +269,7 @@ test.describe('browser', () => { const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' }); const { page } = await launchPersistent({ clientCertificates: [{ - url: serverURL, + origin: new URL(serverURL).origin, certPath: asset('client-certificates/client/trusted/cert.pem'), keyPath: asset('client-certificates/client/trusted/key.pem'), }],