Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core(driver): only fail security state if scheme is not cryptographic #8338

Merged
merged 2 commits into from Apr 17, 2019
Merged

core(driver): only fail security state if scheme is not cryptographic #8338

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
5c11932
core(driver): only fail security state if scheme is not cryptographic
patrickhulce Apr 16, 2019
bd39d5b
testsg
patrickhulce Apr 16, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
8 changes: 6 additions & 2 deletions lighthouse-core/gather/driver.js
View file
Open in desktop
Expand Up @@ -912,8 +912,12 @@ class Driver {
/**
* @param {LH.Crdp.Security.SecurityStateChangedEvent} event
*/
const securityStateChangedListener = ({securityState, explanations}) => {
if (securityState === 'insecure') {
const securityStateChangedListener = ({
securityState,
explanations,
schemeIsCryptographic,
}) => {
if (securityState === 'insecure' && schemeIsCryptographic) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, the nice thing about schemeIsCryptographic is that it's always testing the scheme of the URL on which this event was fired†. It would be difficult to get the current URL in here and (in the case of redirects) to make sure the URL we're checking is the one associated with the event we're checking.

I guess the question is are there cases where schemeIsCryptographic is false but we should still be checking for the securityState, otherwise we're testing a Chrome-generated error page?

†uh, at least I assume it is :)

cancel();
const insecureDescriptions = explanations
.filter(exp => exp.securityState === 'insecure')
Expand Down
26 changes: 26 additions & 0 deletions lighthouse-core/test/gather/driver-test.js
View file
Open in desktop
Expand Up @@ -700,6 +700,31 @@ describe('.gotoURL', () => {
await loadPromise;
});

it('does not reject when page is insecure but http', async () => {
const secureSecurityState = {
explanations: [],
securityState: 'insecure',
schemeIsCryptographic: false,
};

driver.on = driver.once = createMockOnceFn()
.mockEvent('Security.securityStateChanged', secureSecurityState);

const startUrl = 'https://www.example.com';
const loadOptions = {
waitForLoad: true,
passContext: {
settings: {
maxWaitForLoad: 1,
},
},
};

const loadPromise = driver.gotoURL(startUrl, loadOptions);
await flushAllTimersAndMicrotasks();
await loadPromise;
});

it('rejects when page is insecure', async () => {
const insecureSecurityState = {
explanations: [
Expand All @@ -717,6 +742,7 @@ describe('.gotoURL', () => {
},
],
securityState: 'insecure',
schemeIsCryptographic: true,
};

driver.on = driver.once = createMockOnceFn();
Expand Down