From 64e4a9b0ebe5cb89abc1fd315b2a021d06fe80eb Mon Sep 17 00:00:00 2001
From: Max Schmitt
Date: Tue, 30 Jul 2024 12:31:50 +0200
Subject: [PATCH] cherry-pick(#31913): fix(client-certificates): use matching origin for connections on :443 Motivation: When using client-certificates on a website on port `443`, we would normalise the user input with `new URL` but still generate a "bad" representation of the "origin" internally, since the just do concatenated "host:port". (The origin doesn't contain the port in case of :443) We use `clientCertificatesToTLSOptions` in two places: a) for APIRequestContext, there we pass one from the URL constructor over and b) from the socks proxy, there we **now** also pass a "good one" over. Test plan: We don't want to run the tests on port :443, so only manually validated the fix. Relates https://github.com/microsoft/playwright/issues/31906
---
 .../src/server/socksClientCertificatesInterceptor.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
index cd78c11e40..c54f1069a7 100644
--- a/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
+++ b/packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts
@@ -148,7 +148,7 @@ class SocksProxyConnection {
 port: this.port,
 rejectUnauthorized: !this.socksProxy.ignoreHTTPSErrors,
 ALPNProtocols: [internalTLS.alpnProtocol || 'http/1.1'],
- ...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}`),
+ ...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, new URL(`https://${this.host}:${this.port}`).origin),
 };
 if (!net.isIP(this.host))
 tlsOptions.servername = this.host;
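Review bot: The added `new URL(...)` call throws a `TypeError` when `this.host` is an unbracketed IPv6 literal, whereas the removed line only built a string and could not throw. The `net.isIP(this.host)` check just below suggests IP hosts reach this code, though whether IPv6 ones arrive already bracketed is not visible here. If they can arrive bare, bracket them first with `const urlHost = net.isIPv6(this.host) ? `[${this.host}]` : this.host;` and pass `new URL(`https://${urlHost}:${this.port}`).origin`. Because this origin string decides which client certificate is presented, the derivation is also worth a unit test for port 443 and a non-default port, which needs no listener on :443. The `tlsOptions` literal and its enclosing method start and end outside the hunk.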