-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
core: INSECURE_DOCUMENT_REQUEST errors still return lhr #6608
Changes from 20 commits
4c658fb
eb7f5a3
62787ee
3577e0c
2c0b251
e22d9ca
9e54f1b
059d95e
51e4f05
1ce9144
4bd59e4
53e00a7
1b6e678
dde5b95
4807cf0
2d505e8
1e1fc8a
0a0e8e0
b863fbd
da6fd9c
3c54326
ab0582b
f272978
e6a659a
271a80a
8bbcbc4
04b1f64
1da3b01
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -81,13 +81,6 @@ class Driver { | |
this._eventEmitter.emit(event.method, event.params); | ||
}); | ||
|
||
/** | ||
* Used for monitoring network status events during gotoURL. | ||
* @type {?LH.Crdp.Security.SecurityStateChangedEvent} | ||
* @private | ||
*/ | ||
this._lastSecurityState = null; | ||
|
||
/** | ||
* @type {number} | ||
* @private | ||
|
@@ -765,6 +758,7 @@ class Driver { | |
/** | ||
* Returns a promise that resolves when: | ||
* - All of the following conditions have been met: | ||
* - page has no security issues | ||
* - pauseAfterLoadMs milliseconds have passed since the load event. | ||
* - networkQuietThresholdMs milliseconds have passed since the last network request that exceeded | ||
* 2 inflight requests (network-2-quiet has been reached). | ||
|
@@ -792,6 +786,40 @@ class Driver { | |
const waitForNetworkIdle = this._waitForNetworkIdle(networkQuietThresholdMs); | ||
// CPU listener. Resolves when the CPU has been idle for cpuQuietThresholdMs after network idle. | ||
let waitForCPUIdle = this._waitForNothing(); | ||
const cancelAll = () => { | ||
waitForFCP.cancel(); | ||
waitForLoadEvent.cancel(); | ||
waitForNetworkIdle.cancel(); | ||
waitForCPUIdle.cancel(); | ||
}; | ||
|
||
// Promise that only rejects when an insecure security state is encountered | ||
let securityCheckCleanup = () => {}; | ||
const securityCheckPromise = new Promise((_, reject) => { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. there's a lot to unpack in this function that needs longstanding cleanup I'll take a whack at as a followup to #6944, for now WDYT about sticking this in a There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. yeah this goes hand-in-hand with the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. OK, I think I see how that'd work. I'll give it a shot |
||
/** | ||
* @param {LH.Crdp.Security.SecurityStateChangedEvent} event | ||
*/ | ||
const securityStateChangedListener = ({securityState, explanations}) => { | ||
if (securityState === 'insecure') { | ||
maxTimeoutHandle && clearTimeout(maxTimeoutHandle); | ||
securityCheckCleanup(); | ||
cancelAll(); | ||
const insecureDescriptions = explanations | ||
.filter(exp => exp.securityState === 'insecure') | ||
.map(exp => exp.description); | ||
const err = new LHError(LHError.errors.INSECURE_DOCUMENT_REQUEST, { | ||
securityMessages: insecureDescriptions.join(' '), | ||
}); | ||
reject(err); | ||
} | ||
}; | ||
securityCheckCleanup = () => { | ||
this.off('Security.securityStateChanged', securityStateChangedListener); | ||
this.sendCommand('Security.disable').catch(() => {}); | ||
}; | ||
this.on('Security.securityStateChanged', securityStateChangedListener); | ||
this.sendCommand('Security.enable').catch(() => {}); | ||
}); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ha, I think I disagree with @patrickhulce. The internals of If that's not convincing, maybe we could split the difference? Filter and map within const securityCheckPromise = waitForSecurityCheck.promise.then(securityMessages => {
return function() {
throw new new LHError(LHError.errors.INSECURE_DOCUMENT_REQUEST, {securityMessages});
}
}); (using the cleanupFn to reject the promise is a little weird but w/e :P) |
||
|
||
// Wait for both load promises. Resolves on cleanup function the clears load | ||
// timeout timer. | ||
|
@@ -816,10 +844,7 @@ class Driver { | |
}).then(_ => { | ||
return async () => { | ||
log.warn('Driver', 'Timed out waiting for page load. Checking if page is hung...'); | ||
waitForFCP.cancel(); | ||
waitForLoadEvent.cancel(); | ||
waitForNetworkIdle.cancel(); | ||
waitForCPUIdle.cancel(); | ||
cancelAll(); | ||
|
||
if (await this.isPageHung()) { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. FWIW for future refactoring, @paulirish mentioned he doesn't think this check is necessary anymore (errors are successfully being detected elsewhere, I guess) |
||
log.warn('Driver', 'Page appears to be hung, killing JavaScript...'); | ||
|
@@ -832,9 +857,11 @@ class Driver { | |
|
||
// Wait for load or timeout and run the cleanup function the winner returns. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. edit this comment to note that There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. OR crazy idea, the promise resolves with a There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. to your second comment, so There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
right it would go hand-in-hand with #6608 (comment) to enable to refactor |
||
const cleanupFn = await Promise.race([ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. having this |
||
securityCheckPromise, | ||
loadPromise, | ||
maxTimeoutPromise, | ||
]); | ||
securityCheckCleanup(); | ||
await cleanupFn(); | ||
} | ||
|
||
|
@@ -1007,26 +1034,6 @@ class Driver { | |
return result.body; | ||
} | ||
|
||
async listenForSecurityStateChanges() { | ||
this.on('Security.securityStateChanged', state => { | ||
this._lastSecurityState = state; | ||
}); | ||
await this.sendCommand('Security.enable'); | ||
} | ||
|
||
/** | ||
* @return {LH.Crdp.Security.SecurityStateChangedEvent} | ||
*/ | ||
getSecurityState() { | ||
if (!this._lastSecurityState) { | ||
// happens if 'listenForSecurityStateChanges' is not called, | ||
// or if some assumptions about the Security domain are wrong | ||
throw new Error('Expected a security state.'); | ||
} | ||
|
||
return this._lastSecurityState; | ||
} | ||
|
||
/** | ||
* @param {string} name The name of API whose permission you wish to query | ||
* @return {Promise<string>} The state of permissions, resolved in a promise. | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,7 +22,7 @@ const UIStrings = { | |
/** Error message explaining that Lighthouse could not load the requested URL and the steps that might be taken to fix the unreliability. */ | ||
pageLoadFailedWithDetails: 'Lighthouse was unable to reliably load the page you requested. Make sure you are testing the correct URL and that the server is properly responding to all requests. (Details: {errorDetails})', | ||
/** Error message explaining that the credentials included in the Lighthouse run were invalid, so the URL cannot be accessed. */ | ||
pageLoadFailedInsecure: 'The URL you have provided does not have valid security credentials. ({securityMessages})', | ||
pageLoadFailedInsecure: 'The URL you have provided does not have valid security credentials. {securityMessages}', | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Any reason for removing these? I feel like a list that might make no sense as a sentence like this belongs in parens. e.g. The URL...credentials. (Reason 1 Reason 2) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. A realistic error message reads like this:
Which is a valid sentence. So...ignore this maybe. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. correct-o, the sentences should make sense as - is. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. at least, in english .. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think we need to add something about |
||
/** Error message explaining that Chrome has encountered an error during the Lighthouse run, and that Chrome should be restarted. */ | ||
internalChromeError: 'An internal Chrome error occurred. Please restart Chrome and try re-running Lighthouse.', | ||
/** Error message explaining that fetching the resources of the webpage has taken longer than the maximum time. */ | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -22,7 +22,10 @@ const redirectDevtoolsLog = require('../fixtures/wikipedia-redirect.devtoolslog. | |
const MAX_WAIT_FOR_PROTOCOL = 20; | ||
|
||
function createOnceStub(events) { | ||
return (eventName, cb) => { | ||
return async (eventName, cb) => { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this is a weird use of async/await (and depending on Can we just // wait a tick b/c real events never fire immediately
setTimeout(_ => cb(events[eventName]), 0);
return; like normal people? :P There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I meant drop the async/await in favor of the setTimeout :) |
||
// wait a tick b/c real events never fire immediately | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ❤️ |
||
await Promise.resolve(); | ||
|
||
if (events[eventName]) { | ||
return cb(events[eventName]); | ||
} | ||
|
@@ -95,13 +98,18 @@ connection.sendCommand = function(command, params) { | |
case 'Network.getResponseBody': | ||
return new Promise(res => setTimeout(res, MAX_WAIT_FOR_PROTOCOL + 20)); | ||
case 'Page.enable': | ||
case 'Page.navigate': | ||
case 'Page.setLifecycleEventsEnabled': | ||
case 'Network.enable': | ||
case 'Tracing.start': | ||
case 'ServiceWorker.enable': | ||
case 'ServiceWorker.disable': | ||
case 'Security.enable': | ||
case 'Security.disable': | ||
case 'Network.setExtraHTTPHeaders': | ||
case 'Network.emulateNetworkConditions': | ||
case 'Emulation.setCPUThrottlingRate': | ||
case 'Emulation.setScriptExecutionDisabled': | ||
return Promise.resolve({}); | ||
case 'Tracing.end': | ||
return Promise.reject(new Error('tracing not started')); | ||
|
@@ -535,4 +543,75 @@ describe('Multiple tab check', () => { | |
}); | ||
}); | ||
}); | ||
|
||
describe('Security check', () => { | ||
it('does not reject when page is secure', async () => { | ||
const secureSecurityState = { | ||
explanations: [], | ||
securityState: 'secure', | ||
}; | ||
driverStub.on = driverStub.once = createOnceStub({ | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. this poor Can you also break the cycle and make a There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. FWIW I'm also rather fond of keeping all the mocking close to the test like I did over in manifest PR with There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Ha, I'm not entirely sure how to interpret that. I also like maximizing locality so you can see what's actually been done to the mock you have to use. But I am generally against mocks if at all possible, if that's what that means :) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
phew! :)
only a joke no worries, just I feel like I've lead @hoten chasing too many wild geese lately 😆 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
lol I was trying to read too deeply :) :) |
||
'Security.securityStateChanged': secureSecurityState, | ||
'Page.loadEventFired': {}, | ||
'Page.domContentEventFired': {}, | ||
}); | ||
|
||
const startUrl = 'https://www.example.com'; | ||
const loadOptions = { | ||
waitForLoad: true, | ||
passContext: { | ||
passConfig: { | ||
networkQuietThresholdMs: 1, | ||
}, | ||
settings: { | ||
maxWaitForLoad: 1, | ||
}, | ||
}, | ||
}; | ||
await driverStub.gotoURL(startUrl, loadOptions); | ||
}); | ||
|
||
it('rejects when page is insecure', async () => { | ||
const insecureSecurityState = { | ||
explanations: [ | ||
{ | ||
description: 'reason 1.', | ||
securityState: 'insecure', | ||
}, | ||
{ | ||
description: 'blah.', | ||
securityState: 'info', | ||
}, | ||
{ | ||
description: 'reason 2.', | ||
securityState: 'insecure', | ||
}, | ||
], | ||
securityState: 'insecure', | ||
}; | ||
driverStub.on = createOnceStub({ | ||
'Security.securityStateChanged': insecureSecurityState, | ||
}); | ||
|
||
const startUrl = 'https://www.example.com'; | ||
const loadOptions = { | ||
waitForLoad: true, | ||
passContext: { | ||
passConfig: { | ||
networkQuietThresholdMs: 1, | ||
}, | ||
}, | ||
}; | ||
|
||
try { | ||
await driverStub.gotoURL(startUrl, loadOptions); | ||
assert.fail('security check should have rejected'); | ||
} catch (err) { | ||
assert.equal(err.message, 'INSECURE_DOCUMENT_REQUEST'); | ||
assert.equal(err.code, 'INSECURE_DOCUMENT_REQUEST'); | ||
/* eslint-disable-next-line max-len */ | ||
expect(err.friendlyMessage).toBeDisplayString('The URL you have provided does not have valid security credentials. reason 1. reason 2.'); | ||
} | ||
}); | ||
}); | ||
}); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
still
INSECRE
;)