[BUG] ignoreHTTPSErrors not working on page.request

[Skombini]

Context:

• Playwright Version: 1.16.1
• Operating System: Windows
• Node.js version: 14.18.1
• Browser: All
• Extra: [any specific details about your environment]

System:

• OS: Windows 10 10.0.19042
• Memory: 8.17 GB / 15.94 GB

Binaries:

• Node: 14.18.1 - C:\Program Files\nodejs\node.EXE
• Yarn: 1.22.15 - C:\Program Files (x86)\Yarn\bin\yarn.CMD
• npm: 6.14.15 - C:\Program Files\nodejs\npm.CMD

Languages:

• Bash: 4.4.23 - C:\Program Files\Git\usr\bin\bash.EXE

npmPackages:

• playwright: ^1.16.1 => 1.16.1

Help us help you! Put down a short code snippet that illustrates your bug and
that we can run and debug locally. For example:

    const res = await page.request.post('./jobs/signin', {
        ignoreHTTPSErrors: true,
        data: {
            _csrf: csrf,
            N066F005_USERID: username,
            N066F010_PASSWORD: password,
        },
    })

Describe the bug

This is performed locally, on a https website. When I perform the above post request, I'm getting the error fetchRequest.post: Error: certificate has expired. Performing the same request using SuperTest runs with no problems. Though in the response it does denote that the cert has expired:

      _tlsOptions: [Object],
      _secureEstablished: true,
      _securePending: false,
      _newSessionPending: false,
      _controlReleased: true,
      secureConnecting: false,
      _SNICallback: null,
      servername: <URL>,
      alpnProtocol: false,
      authorized: false,
      authorizationError: 'CERT_HAS_EXPIRED',

However, I would have thought this would be ignored if using ignoreHTTPSErrors: true.

[yury-s]

@Skombini can you share a repro? I tried with the snippet below and it passed on node v14.18.1:

test('should support ignoreHTTPSErrors option', async ({ page }) => {
  const response = await page.request.get('https://expired.badssl.com/', {
    ignoreHTTPSErrors: true
  });
  expect(response.status()).toBe(200);
});

Can you run with DEBUG=pw:api and share the log so that we can see if there is anything suspicious in the log?

[Skombini]

Sorry @yury-s it's an internal website I'm not comfortable in sharing, and also behind a VPN. Which makes it a pain I know. Anyway here's the logs you asked for, it seems that the Post request works - in getting a redirect response - but then fails for some reason. :'(

pw:api => browserType.launch started +0ms
pw:api <= browserType.launch succeeded +431ms
pw:api => browser.newContext started +2ms
pw:api <= browser.newContext succeeded +10ms
pw:api => browserContext.newPage started +1ms
pw:api <= browserContext.newPage succeeded +262ms
pw:api => fetchRequest.post started +22ms
pw:api → POST https://internalwebsite/A11_QAWeb/jobs/signin +5ms
pw:api user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/97.0.4666.0 Safari/537.36 +0ms
pw:api accept: / +0ms
pw:api accept-encoding: gzip,deflate,br +0ms
pw:api content-type: application/json +0ms
pw:api content-length: 116 +0ms
pw:api cookie: SID/A11_QAWeb/jobs=s%3AxAiWEPJDsaBOFdMofGVqzqeiyRDbg13x.EWkodKMGzgtBQDgm7QjrlCFpx8UnHxaDykNn7%2FL%2Fw2Q +0ms
pw:api ← 302 Found +1s
pw:api cache-control: no-cache, no-store, must-revalidate +0ms
pw:api pragma: no-cache +0ms
pw:api content-type: text/plain; charset=utf-8 +0ms
pw:api expires: 0 +0ms
pw:api location: /A11_QAWeb/jobs +0ms
pw:api vary: Accept +1ms
pw:api set-cookie: SID/A11_QAWeb/jobs=s%3AItvBTH50LRuiIr20D6ye9IR21NvqbdUN.XbyYIvu2u%2BiQCgG52PqkgwqMc14XGoLsLmywS0M%2FU2c; Path=/; HttpOnly; Secure; SameSite=None +0ms
pw:api x-dns-prefetch-control: off +0ms
pw:api strict-transport-security: max-age=15552000; includeSubDomains +0ms
pw:api x-download-options: noopen +0ms
pw:api x-content-type-options: nosniff +0ms
pw:api x-xss-protection: 1; mode=block +1ms
pw:api date: Tue, 26 Oct 2021 21:41:19 GMT +0ms
pw:api connection: close +0ms
pw:api content-length: 37 +0ms
pw:api → GET https://internalwebsite/A11_QAWeb/jobs +6ms
pw:api user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/97.0.4666.0 Safari/537.36 +1ms
pw:api accept: / +0ms
pw:api accept-encoding: gzip,deflate,br +0ms
pw:api content-length: 116 +0ms
pw:api cookie: SID/A11_QAWeb/jobs=s%3AItvBTH50LRuiIr20D6ye9IR21NvqbdUN.XbyYIvu2u%2BiQCgG52PqkgwqMc14XGoLsLmywS0M%2FU2c +0ms
pw:api <= fetchRequest.post failed +84ms
pw:api => browserContext.close started +1ms
pw:api <= browserContext.close succeeded +100ms
pw:api => browser.close started +2ms
pw:api <= browser.close succeeded +55ms

[yury-s]

Thanks for the log, the problem is with the redirects. I'll send a fix.

[aslushnikov]

This one is merged and cherry-picked to 1.16

[REDLIONOO3]

Closed meaning issued fixsed?

…

On Tue, Oct 26, 2021, 11:22 PM Andrey Lushnikov ***@***.***> wrote: Closed #9768 <#9768>. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#9768 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AWDFUER6MR52XNWHIOX3OZLUI6LEDANCNFSM5GWSD4TQ> .

[yury-s]

Yes, it is fixed ans is going to be available in 1.16.2