chore: client certificates api review (#31826)

docs/src/api/params.md

@@ -523,14 +523,17 @@ Does not enforce fixed viewport, allows resizing window in the headed mode.
 
 ## context-option-clientCertificates
 - `clientCertificates` <[Array]<[Object]>>
-  - `url` <[string]> Glob pattern to match the URLs that the certificate is valid for.
+  - `origin` <[string]> Glob pattern to match against the request origin that the certificate is valid for.
-  - `certs` <[Array]<[Object]>> List of client certificates to be used.
   - `certPath` ?<[string]> Path to the file with the certificate in PEM format.
   - `keyPath` ?<[string]> Path to the file with the private key in PEM format.
   - `pfxPath` ?<[string]> Path to the PFX or PKCS12 encoded private key and certificate chain.
   - `passphrase` ?<[string]> Passphrase for the private key (PEM or PFX).
 
-An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the private key is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided with a glob pattern to match the URLs that the certificate is valid for.
+TLS Client Authentication allows the server to request a client certificate and verify it.
+
+**Details**
+
+An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be provided with a glob pattern to match the origins that the certificate is valid for.
 
 :::note
 Using Client Certificates in combination with Proxy Servers is not supported.

docs/src/test-api/class-testoptions.md

@@ -148,22 +148,14 @@ export default defineConfig({
 import { defineConfig } from '@playwright/test';
 
 export default defineConfig({
-  projects: [
-    {
-      name: 'Microsoft Edge',
   use: {
-        ...devices['Desktop Edge'],
     clientCertificates: [{
-          url: 'https://example.com/**',
+      origin: 'https://example.com',
-          certs: [{
       certPath: './cert.pem',
       keyPath: './key.pem',
       passphrase: 'mysecretpassword',
     }],
-        }],
   },
-    },
-  ]
 });
 ```
 

packages/playwright-core/src/client/browserContext.ts

@@ -550,20 +550,16 @@ function toAcceptDownloadsProtocol(acceptDownloads?: boolean) {
   return 'deny';
 }
 
-export async function toClientCertificatesProtocol(clientCertificates?: BrowserContextOptions['clientCertificates']): Promise<channels.PlaywrightNewRequestParams['clientCertificates']> {
+export async function toClientCertificatesProtocol(certs?: BrowserContextOptions['clientCertificates']): Promise<channels.PlaywrightNewRequestParams['clientCertificates']> {
-  if (!clientCertificates)
+  if (!certs)
     return undefined;
-  return await Promise.all(clientCertificates.map(async clientCertificate => {
+  return await Promise.all(certs.map(async cert => {
-    return {
-      url: clientCertificate.url,
-      certs: await Promise.all(clientCertificate.certs.map(async cert => {
     return {
+      origin: cert.origin,
       cert: cert.certPath ? await fs.promises.readFile(cert.certPath) : undefined,
       key: cert.keyPath ? await fs.promises.readFile(cert.keyPath) : undefined,
       pfx: cert.pfxPath ? await fs.promises.readFile(cert.pfxPath) : undefined,
       passphrase: cert.passphrase,
     };
-      }))
-    };
   }));
 }

packages/playwright-core/src/client/types.ts

@@ -48,13 +48,11 @@ export type LifecycleEvent = channels.LifecycleEvent;
 export const kLifecycleEvents: Set<LifecycleEvent> = new Set(['load', 'domcontentloaded', 'networkidle', 'commit']);
 
 export type ClientCertificate = {
-  url: string;
+  origin: string;
-  certs: {
   certPath?: string;
   keyPath?: string;
   pfxPath?: string;
   passphrase?: string;
-  }[];
 };
 
 export type BrowserContextOptions = Omit<channels.BrowserNewContextOptions, 'viewport' | 'noDefaultViewport' | 'extraHTTPHeaders' | 'clientCertificates' | 'storageState' | 'recordHar' | 'colorScheme' | 'reducedMotion' | 'forcedColors' | 'acceptDownloads'> & {

packages/playwright-core/src/protocol/validator.ts

@@ -337,13 +337,11 @@ scheme.PlaywrightNewRequestParams = tObject({
   ignoreHTTPSErrors: tOptional(tBoolean),
   extraHTTPHeaders: tOptional(tArray(tType('NameValue'))),
   clientCertificates: tOptional(tArray(tObject({
-    url: tString,
+    origin: tString,
-    certs: tArray(tObject({
     cert: tOptional(tBinary),
     key: tOptional(tBinary),
     passphrase: tOptional(tString),
     pfx: tOptional(tBinary),
-    })),
   }))),
   httpCredentials: tOptional(tObject({
     username: tString,
@@ -547,13 +545,11 @@ scheme.BrowserTypeLaunchPersistentContextParams = tObject({
   })),
   ignoreHTTPSErrors: tOptional(tBoolean),
   clientCertificates: tOptional(tArray(tObject({
-    url: tString,
+    origin: tString,
-    certs: tArray(tObject({
     cert: tOptional(tBinary),
     key: tOptional(tBinary),
     passphrase: tOptional(tString),
     pfx: tOptional(tBinary),
-    })),
   }))),
   javaScriptEnabled: tOptional(tBoolean),
   bypassCSP: tOptional(tBoolean),
@@ -635,13 +631,11 @@ scheme.BrowserNewContextParams = tObject({
   })),
   ignoreHTTPSErrors: tOptional(tBoolean),
   clientCertificates: tOptional(tArray(tObject({
-    url: tString,
+    origin: tString,
-    certs: tArray(tObject({
     cert: tOptional(tBinary),
     key: tOptional(tBinary),
     passphrase: tOptional(tString),
     pfx: tOptional(tBinary),
-    })),
   }))),
   javaScriptEnabled: tOptional(tBoolean),
   bypassCSP: tOptional(tBoolean),
@@ -706,13 +700,11 @@ scheme.BrowserNewContextForReuseParams = tObject({
   })),
   ignoreHTTPSErrors: tOptional(tBoolean),
   clientCertificates: tOptional(tArray(tObject({
-    url: tString,
+    origin: tString,
-    certs: tArray(tObject({
     cert: tOptional(tBinary),
     key: tOptional(tBinary),
     passphrase: tOptional(tString),
     pfx: tOptional(tBinary),
-    })),
   }))),
   javaScriptEnabled: tOptional(tBoolean),
   bypassCSP: tOptional(tBoolean),
@@ -2526,13 +2518,11 @@ scheme.AndroidDeviceLaunchBrowserParams = tObject({
   })),
   ignoreHTTPSErrors: tOptional(tBoolean),
   clientCertificates: tOptional(tArray(tObject({
-    url: tString,
+    origin: tString,
-    certs: tArray(tObject({
     cert: tOptional(tBinary),
     key: tOptional(tBinary),
     passphrase: tOptional(tString),
     pfx: tOptional(tBinary),
-    })),
   }))),
   javaScriptEnabled: tOptional(tBoolean),
   bypassCSP: tOptional(tBoolean),

packages/playwright-core/src/server/browserContext.ts

@@ -725,12 +725,9 @@ export function verifyGeolocation(geolocation?: types.Geolocation) {
 export function verifyClientCertificates(clientCertificates?: channels.BrowserNewContextParams['clientCertificates']) {
   if (!clientCertificates)
     return;
-  for (const { url, certs } of clientCertificates) {
+  for (const cert of clientCertificates) {
-    if (!url)
+    if (!cert.origin)
-      throw new Error(`clientCertificates.url is required`);
+      throw new Error(`clientCertificates.origin is required`);
-    if (!certs.length)
-      throw new Error('No certs specified for url: ' + url);
-    for (const cert of certs) {
     if (!cert.cert && !cert.key && !cert.passphrase && !cert.pfx)
       throw new Error('None of cert, key, passphrase or pfx is specified');
     if (cert.cert && !cert.key)
@@ -740,7 +737,6 @@ export function verifyClientCertificates(clientCertificates?: channels.BrowserNe
     if (cert.pfx && (cert.cert || cert.key))
       throw new Error('pfx is specified together with cert, key or passphrase');
   }
-  }
 }
 
 export function normalizeProxySettings(proxy: types.ProxySettings): types.ProxySettings {

packages/playwright-core/src/server/fetch.ts

@@ -193,7 +193,7 @@ export abstract class APIRequestContext extends SdkObject {
       maxRedirects: params.maxRedirects === 0 ? -1 : params.maxRedirects === undefined ? 20 : params.maxRedirects,
       timeout,
       deadline,
-      ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.toString()),
+      ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, requestUrl.origin),
       __testHookLookup: (params as any).__testHookLookup,
     };
     if (process.env.PWTEST_UNSUPPORTED_CUSTOM_CA && isUnderTest())
@@ -357,7 +357,7 @@ export abstract class APIRequestContext extends SdkObject {
             maxRedirects: options.maxRedirects - 1,
             timeout: options.timeout,
             deadline: options.deadline,
-            ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, url.toString()),
+            ...clientCertificatesToTLSOptions(this._defaultOptions().clientCertificates, url.origin),
             __testHookLookup: options.__testHookLookup,
           };
           // rejectUnauthorized = undefined is treated as true in node 12.

packages/playwright-core/src/server/socksClientCertificatesInterceptor.ts

@@ -97,7 +97,7 @@ class SocksProxyConnection {
         host: this.host,
         port: this.port,
         rejectUnauthorized: !this.socksProxy.ignoreHTTPSErrors,
-        ...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}/`),
+        ...clientCertificatesToTLSOptions(this.socksProxy.clientCertificates, `https://${this.host}:${this.port}`),
       };
       if (!net.isIP(this.host))
         tlsOptions.servername = this.host;
@@ -183,7 +183,7 @@ export function clientCertificatesToTLSOptions(
   const matchingCerts = clientCertificates?.filter(c => {
     let regex: RegExp | undefined = (c as any)[kClientCertificatesGlobRegex];
     if (!regex) {
-      regex = globToRegex(c.url);
+      regex = globToRegex(c.origin);
       (c as any)[kClientCertificatesGlobRegex] = regex;
     }
     regex.lastIndex = 0;
@@ -196,8 +196,7 @@ export function clientCertificatesToTLSOptions(
     key: [] as { pem: Buffer, passphrase?: string }[],
     cert: [] as Buffer[],
   };
-  for (const { certs } of matchingCerts) {
+  for (const cert of matchingCerts) {
-    for (const cert of certs) {
     if (cert.cert)
       tlsOptions.cert.push(cert.cert);
     if (cert.key)
@@ -205,6 +204,5 @@ export function clientCertificatesToTLSOptions(
     if (cert.pfx)
       tlsOptions.pfx.push({ buf: cert.pfx, passphrase: cert.passphrase });
   }
-  }
   return tlsOptions;
 }

packages/playwright-core/types/types.d.ts

@@ -13166,10 +13166,14 @@ export interface BrowserType<Unused = {}> {
     chromiumSandbox?: boolean;
 
     /**
+     * TLS Client Authentication allows the server to request a client certificate and verify it.
+     *
+     * **Details**
+     *
      * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
      * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
-     * private key is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
+     * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
-     * with a glob pattern to match the URLs that the certificate is valid for.
+     * provided with a glob pattern to match the origins that the certificate is valid for.
      *
      * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
      *
@@ -13178,14 +13182,10 @@ export interface BrowserType<Unused = {}> {
      */
     clientCertificates?: Array<{
       /**
-       * Glob pattern to match the URLs that the certificate is valid for.
+       * Glob pattern to match against the request origin that the certificate is valid for.
        */
-      url: string;
+      origin: string;
 
-      /**
-       * List of client certificates to be used.
-       */
-      certs: Array<{
       /**
        * Path to the file with the certificate in PEM format.
        */
@@ -13206,7 +13206,6 @@ export interface BrowserType<Unused = {}> {
        */
       passphrase?: string;
     }>;
-    }>;
 
     /**
      * Emulates `'prefers-colors-scheme'` media feature, supported values are `'light'`, `'dark'`, `'no-preference'`. See
@@ -15578,10 +15577,14 @@ export interface APIRequest {
     baseURL?: string;
 
     /**
+     * TLS Client Authentication allows the server to request a client certificate and verify it.
+     *
+     * **Details**
+     *
      * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
      * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
-     * private key is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
+     * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
-     * with a glob pattern to match the URLs that the certificate is valid for.
+     * provided with a glob pattern to match the origins that the certificate is valid for.
      *
      * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
      *
@@ -15590,14 +15593,10 @@ export interface APIRequest {
      */
     clientCertificates?: Array<{
       /**
-       * Glob pattern to match the URLs that the certificate is valid for.
+       * Glob pattern to match against the request origin that the certificate is valid for.
        */
-      url: string;
+      origin: string;
 
-      /**
-       * List of client certificates to be used.
-       */
-      certs: Array<{
       /**
        * Path to the file with the certificate in PEM format.
        */
@@ -15618,7 +15617,6 @@ export interface APIRequest {
        */
       passphrase?: string;
     }>;
-    }>;
 
     /**
      * An object containing additional HTTP headers to be sent with every request. Defaults to none.
@@ -16772,10 +16770,14 @@ export interface Browser extends EventEmitter {
     bypassCSP?: boolean;
 
     /**
+     * TLS Client Authentication allows the server to request a client certificate and verify it.
+     *
+     * **Details**
+     *
      * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
      * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
-     * private key is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
+     * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
-     * with a glob pattern to match the URLs that the certificate is valid for.
+     * provided with a glob pattern to match the origins that the certificate is valid for.
      *
      * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
      *
@@ -16784,14 +16786,10 @@ export interface Browser extends EventEmitter {
      */
     clientCertificates?: Array<{
       /**
-       * Glob pattern to match the URLs that the certificate is valid for.
+       * Glob pattern to match against the request origin that the certificate is valid for.
        */
-      url: string;
+      origin: string;
 
-      /**
-       * List of client certificates to be used.
-       */
-      certs: Array<{
       /**
        * Path to the file with the certificate in PEM format.
        */
@@ -16812,7 +16810,6 @@ export interface Browser extends EventEmitter {
        */
       passphrase?: string;
     }>;
-    }>;
 
     /**
      * Emulates `'prefers-colors-scheme'` media feature, supported values are `'light'`, `'dark'`, `'no-preference'`. See
@@ -20223,10 +20220,14 @@ export interface BrowserContextOptions {
   bypassCSP?: boolean;
 
   /**
+   * TLS Client Authentication allows the server to request a client certificate and verify it.
+   *
+   * **Details**
+   *
    * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
    * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
-   * private key is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
+   * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
-   * with a glob pattern to match the URLs that the certificate is valid for.
+   * provided with a glob pattern to match the origins that the certificate is valid for.
    *
    * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
    *
@@ -20235,14 +20236,10 @@ export interface BrowserContextOptions {
    */
   clientCertificates?: Array<{
     /**
-     * Glob pattern to match the URLs that the certificate is valid for.
+     * Glob pattern to match against the request origin that the certificate is valid for.
      */
-    url: string;
+    origin: string;
 
-    /**
-     * List of client certificates to be used.
-     */
-    certs: Array<{
     /**
      * Path to the file with the certificate in PEM format.
      */
@@ -20263,7 +20260,6 @@ export interface BrowserContextOptions {
      */
     passphrase?: string;
   }>;
-  }>;
 
   /**
    * Emulates `'prefers-colors-scheme'` media feature, supported values are `'light'`, `'dark'`, `'no-preference'`. See

packages/playwright/src/index.ts

@@ -479,13 +479,11 @@ function resolveFileToConfig(file: string | undefined) {
 type ClientCertificates = NonNullable<PlaywrightTestOptions['clientCertificates']>;
 
 function resolveClientCerticates(clientCertificates: ClientCertificates): ClientCertificates {
-  for (const { certs } of clientCertificates) {
+  for (const cert of clientCertificates) {
-    for (const cert of certs) {
     cert.certPath = resolveFileToConfig(cert.certPath);
     cert.keyPath = resolveFileToConfig(cert.keyPath);
     cert.pfxPath = resolveFileToConfig(cert.pfxPath);
   }
-  }
   return clientCertificates;
 }
 

packages/playwright/types/test.d.ts

@@ -5202,10 +5202,14 @@ export interface PlaywrightTestOptions {
    */
   colorScheme: ColorScheme;
   /**
+   * TLS Client Authentication allows the server to request a client certificate and verify it.
+   *
+   * **Details**
+   *
    * An array of client certificates to be used. Each certificate object must have both `certPath` and `keyPath` or a
    * single `pfxPath` to load the client certificate. Optionally, `passphrase` property should be provided if the
-   * private key is encrypted. If the certificate is valid only for specific URLs, the `url` property should be provided
+   * certficiate is encrypted. If the certificate is valid only for specific origins, the `origin` property should be
-   * with a glob pattern to match the URLs that the certificate is valid for.
+   * provided with a glob pattern to match the origins that the certificate is valid for.
    *
    * **NOTE** Using Client Certificates in combination with Proxy Servers is not supported.
    *
@@ -5219,22 +5223,14 @@ export interface PlaywrightTestOptions {
    * import { defineConfig } from '@playwright/test';
    *
    * export default defineConfig({
-   *   projects: [
-   *     {
-   *       name: 'Microsoft Edge',
    *   use: {
-   *         ...devices['Desktop Edge'],
    *     clientCertificates: [{
-   *           url: 'https://example.com/**',
+   *       origin: 'https://example.com',
-   *           certs: [{
    *       certPath: './cert.pem',
    *       keyPath: './key.pem',
    *       passphrase: 'mysecretpassword',
    *     }],
-   *         }],
    *   },
-   *     },
-   *   ]
    * });
    * ```
    *

packages/protocol/src/channels.ts

@@ -582,14 +582,12 @@ export type PlaywrightNewRequestParams = {
   ignoreHTTPSErrors?: boolean,
   extraHTTPHeaders?: NameValue[],
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   httpCredentials?: {
     username: string,
     password: string,
@@ -615,14 +613,12 @@ export type PlaywrightNewRequestOptions = {
   ignoreHTTPSErrors?: boolean,
   extraHTTPHeaders?: NameValue[],
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   httpCredentials?: {
     username: string,
     password: string,
@@ -968,14 +964,12 @@ export type BrowserTypeLaunchPersistentContextParams = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,
@@ -1050,14 +1044,12 @@ export type BrowserTypeLaunchPersistentContextOptions = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,
@@ -1167,14 +1159,12 @@ export type BrowserNewContextParams = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,
@@ -1235,14 +1225,12 @@ export type BrowserNewContextOptions = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,
@@ -1306,14 +1294,12 @@ export type BrowserNewContextForReuseParams = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,
@@ -1374,14 +1360,12 @@ export type BrowserNewContextForReuseOptions = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,
@@ -4582,14 +4566,12 @@ export type AndroidDeviceLaunchBrowserParams = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,
@@ -4648,14 +4630,12 @@ export type AndroidDeviceLaunchBrowserOptions = {
   },
   ignoreHTTPSErrors?: boolean,
   clientCertificates?: {
-    url: string,
+    origin: string,
-    certs: {
     cert?: Binary,
     key?: Binary,
     passphrase?: string,
     pfx?: Binary,
   }[],
-  }[],
   javaScriptEnabled?: boolean,
   bypassCSP?: boolean,
   userAgent?: string,

packages/protocol/src/protocol.yml

@@ -445,12 +445,7 @@ ContextOptions:
       items:
         type: object
         properties:
-          url: string
+          origin: string
-          certs:
-            type: array
-            items:
-              type: object
-              properties:
           cert: binary?
           key: binary?
           passphrase: string?
@@ -700,12 +695,7 @@ Playwright:
           items:
             type: object
             properties:
-              url: string
+              origin: string
-              certs:
-                type: array
-                items:
-                  type: object
-                  properties:
               cert: binary?
               key: binary?
               passphrase: string?

tests/library/client-certificates.spec.ts

@@ -79,28 +79,23 @@ test.skip(({ mode }) => mode !== 'default');
 
 const kDummyFileName = __filename;
 const kValidationSubTests: [BrowserContextOptions, string][] = [
-  [{ clientCertificates: [{ url: 'test', certs: [] }] }, 'No certs specified for url: test'],
+  [{ clientCertificates: [{ origin: 'test' }] }, 'None of cert, key, passphrase or pfx is specified'],
-  [{ clientCertificates: [{ url: 'test', certs: [{}] }] }, 'None of cert, key, passphrase or pfx is specified'],
   [{
     clientCertificates: [{
-      url: 'test',
+      origin: 'test',
-      certs: [{
       certPath: kDummyFileName,
       keyPath: kDummyFileName,
       pfxPath: kDummyFileName,
       passphrase: kDummyFileName,
     }]
-    }]
   }, 'pfx is specified together with cert, key or passphrase'],
   [{
     proxy: { server: 'http://localhost:8080' },
     clientCertificates: [{
-      url: 'test',
+      origin: 'test',
-      certs: [{
       certPath: kDummyFileName,
       keyPath: kDummyFileName,
     }]
-    }]
   }, 'Cannot specify both proxy and clientCertificates'],
 ];
 
@@ -122,12 +117,10 @@ test.describe('fetch', () => {
   test('should keep supporting http', async ({ playwright, server, asset }) => {
     const request = await playwright.request.newContext({
       clientCertificates: [{
-        url: server.PREFIX,
+        origin: new URL(server.PREFIX).origin,
-        certs: [{
         certPath: asset('client-certificates/client/trusted/cert.pem'),
         keyPath: asset('client-certificates/client/trusted/key.pem'),
       }],
-      }],
     });
     const response = await request.get(server.PREFIX + '/one-style.html');
     expect(response.url()).toBe(server.PREFIX + '/one-style.html');
@@ -140,12 +133,10 @@ test.describe('fetch', () => {
     const serverURL = await startCCServer();
     const request = await playwright.request.newContext({
       clientCertificates: [{
-        url: serverURL,
+        origin: new URL(serverURL).origin,
-        certs: [{
         certPath: asset('client-certificates/client/self-signed/cert.pem'),
         keyPath: asset('client-certificates/client/self-signed/key.pem'),
       }],
-      }],
     });
     const response = await request.get(serverURL);
     expect(response.url()).toBe(serverURL);
@@ -158,12 +149,10 @@ test.describe('fetch', () => {
     const serverURL = await startCCServer();
     const request = await playwright.request.newContext({
       clientCertificates: [{
-        url: serverURL,
+        origin: new URL(serverURL).origin,
-        certs: [{
         certPath: asset('client-certificates/client/trusted/cert.pem'),
         keyPath: asset('client-certificates/client/trusted/key.pem'),
       }],
-      }],
     });
     const response = await request.get(serverURL);
     expect(response.url()).toBe(serverURL);
@@ -176,12 +165,10 @@ test.describe('fetch', () => {
     const serverURL = await startCCServer();
     const request = await playwright.request.newContext({
       clientCertificates: [{
-        url: serverURL,
+        origin: new URL(serverURL).origin,
-        certs: [{
         certPath: asset('client-certificates/client/trusted/cert.pem'),
         keyPath: asset('client-certificates/client/trusted/key.pem'),
       }],
-      }],
     });
     const page = await browser.newPage({ ignoreHTTPSErrors: true });
     await page.route('**/*', async route => {
@@ -205,12 +192,10 @@ test.describe('browser', () => {
   test('should keep supporting http', async ({ browser, server, asset }) => {
     const page = await browser.newPage({
       clientCertificates: [{
-        url: server.PREFIX,
+        origin: new URL(server.PREFIX).origin,
-        certs: [{
         certPath: asset('client-certificates/client/trusted/cert.pem'),
         keyPath: asset('client-certificates/client/trusted/key.pem'),
       }],
-      }],
     });
     await page.goto(server.PREFIX + '/one-style.html');
     await expect(page.getByText('hello, world!')).toBeVisible();
@@ -222,12 +207,10 @@ test.describe('browser', () => {
     const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
     const page = await browser.newPage({
       clientCertificates: [{
-        url: 'https://not-matching.com',
+        origin: 'https://not-matching.com',
-        certs: [{
         certPath: asset('client-certificates/client/trusted/cert.pem'),
         keyPath: asset('client-certificates/client/trusted/key.pem'),
       }],
-      }],
     });
     await page.goto(serverURL);
     await expect(page.getByText('Sorry, but you need to provide a client certificate to continue.')).toBeVisible();
@@ -238,12 +221,10 @@ test.describe('browser', () => {
     const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
     const page = await browser.newPage({
       clientCertificates: [{
-        url: serverURL,
+        origin: new URL(serverURL).origin,
-        certs: [{
         certPath: asset('client-certificates/client/self-signed/cert.pem'),
         keyPath: asset('client-certificates/client/self-signed/key.pem'),
       }],
-      }],
     });
     await page.goto(serverURL);
     await expect(page.getByText('Sorry Bob, certificates from Bob are not welcome here')).toBeVisible();
@@ -254,12 +235,10 @@ test.describe('browser', () => {
     const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
     const page = await browser.newPage({
       clientCertificates: [{
-        url: serverURL,
+        origin: new URL(serverURL).origin,
-        certs: [{
         certPath: asset('client-certificates/client/trusted/cert.pem'),
         keyPath: asset('client-certificates/client/trusted/key.pem'),
       }],
-      }],
     });
     await page.goto(serverURL);
     await expect(page.getByText('Hello Alice, your certificate was issued by localhost!')).toBeVisible();
@@ -269,12 +248,10 @@ test.describe('browser', () => {
   test('should have ignoreHTTPSErrors=false by default', async ({ browser, httpsServer, asset, browserName, platform }) => {
     const page = await browser.newPage({
       clientCertificates: [{
-        url: 'https://just-there-that-the-client-certificates-proxy-server-is-getting-launched.com',
+        origin: 'https://just-there-that-the-client-certificates-proxy-server-is-getting-launched.com',
-        certs: [{
         certPath: asset('client-certificates/client/trusted/cert.pem'),
         keyPath: asset('client-certificates/client/trusted/key.pem'),
       }],
-      }],
     });
     await page.goto(browserName === 'webkit' && platform === 'darwin' ? httpsServer.EMPTY_PAGE.replace('localhost', 'local.playwright') : httpsServer.EMPTY_PAGE);
     await expect(page.getByText('Playwright client-certificate error')).toBeVisible();
@@ -292,12 +269,10 @@ test.describe('browser', () => {
       const serverURL = await startCCServer({ useFakeLocalhost: browserName === 'webkit' && process.platform === 'darwin' });
       const { page } = await launchPersistent({
         clientCertificates: [{
-          url: serverURL,
+          origin: new URL(serverURL).origin,
-          certs: [{
           certPath: asset('client-certificates/client/trusted/cert.pem'),
           keyPath: asset('client-certificates/client/trusted/key.pem'),
         }],
-        }],
       });
       await page.goto(serverURL);
       await expect(page.getByText('Hello Alice, your certificate was issued by localhost!')).toBeVisible();