[Bug][chromium]: When enabling tracing with snapshots, the protected HEAD request causes credential dialog to open

[saw-jan]

Version

1.52.0

Steps to reproduce

I couldn't find other way to reproduce this. So, here's my setup:

1. Start ocis server. Simple docker compose file

   services:
     ocis:
       image: owncloud/ocis:latest
       ports:
         - 9200:9200
       environment:
         OCIS_URL: https://localhost:9200
         IDM_ADMIN_PASSWORD: admin
         OCIS_INSECURE: true
         OCIS_LOG_LEVEL: error
       entrypoint: /bin/sh
       command: ['-c', 'ocis init || true; ocis server']

2. Start the following test in headed mode:

   import { test, chromium } from '@playwright/test'
   
   test('download', async () => {
     const browser = await chromium.launch()
     const context = await browser.newContext()
     await context.tracing.start({ screenshots: false, snapshots: true, sources: false })
     const page = await context.newPage()
     await page.goto('https://localhost:9200')
     await page.locator('#oc-login-username').fill('admin')
     await page.locator('#oc-login-password').fill('admin')
     await Promise.all([
       page.waitForResponse(
         (resp) =>
           resp.url().endsWith('/token') && resp.status() === 200 && resp.request().method() === 'POST'
       ),
       page.locator('button[type="submit"]').click()
     ])
     await page.locator('#web-content').waitFor()
     await page.pause()
     await context.tracing.stop({ path: 'trace.zip' })
   })

3. From the running ocis UI, upload an image
4. Open the image
5. Download the image
   

Expected behavior

Browser credential dialog should not be opened.

Actual behavior

Browser credential dialog appears

Additional context

Note

we should not try to get the body for HEAD requests as HEAD request will not send the body (see rfc)

playwright/packages/playwright-core/src/server/chromium/crNetworkManager.ts

Lines 374 to 388 in 3cf6fa2

	const getResponseBody = async () => {
	const contentLengthHeader = Object.entries(responsePayload.headers).find(header => header[0].toLowerCase() === 'content-length');
	const expectedLength = contentLengthHeader ? +contentLengthHeader[1] : undefined;
	const session = request.session;
	const response = await session.send('Network.getResponseBody', { requestId: request._requestId });
	if (response.body || !expectedLength)
	return Buffer.from(response.body, response.base64Encoded ? 'base64' : 'utf8');
	// Make sure no network requests sent while reading the body for fulfilled requests.
	if (request._route?._fulfilled)
	return Buffer.from('');
	// For <link prefetch we are going to receive empty body with non-empty content-length expectation. Reach out for the actual content.
	const resource = await session.send('Network.loadNetworkResource', { url: request.request.url(), frameId: this._serviceWorker ? undefined : request.request.frame()!._id, options: { disableCache: false, includeCredentials: true } });

This doesn't happen with Firefox and Webkit browsers

For chromium, the solution could be to return empty body early for HEAD requests from getResponseBody of crNetworkManager.ts

const getResponseBody = async () => { 
  if (request.request.method() === 'HEAD') {
    return Buffer.from('');
  }
...

Environment

System: `Ubuntu 22.04`
Node: `20.18.1`

[mxschmitt]

I unfortunately wasn't able to reproduce on macOS 15 and Linux (Ubuntu 24.04). Where did you run your Playwright tests on? I assume they were running in another container or on the host machine? I was running them on my host machine.

I was uploading an image, opening the image, clicking on the dots and pressing on the Download button. The download was happening so I assume for me it works.

[saw-jan]

I am running tests on Ubuntu 22.04 host machine.

I was uploading an image, opening the image, clicking on the dots and pressing on the Download button. The download was happening so I assume for me it works.

If all these were done in the browser opened by the test, then it's interesting. I will try to do the same on the Ubuntu 24.04 VM.

[saw-jan]

I unfortunately wasn't able to reproduce on macOS 15 and Linux (Ubuntu 24.04). Where did you run your Playwright tests on? I assume they were running in another container or on the host machine? I was running them on my host machine.

you're right. I tried on both 22.04 and 24.04 VMs, the download was working as expected. But the issue still exists on my 22.04 host machine.

[mxschmitt]

This is how I've tried it. Note that inside the script I had to add browser.newContext({ ignoreHTTPSErrors: true }); in order to make it work for me. Maybe that makes a difference? I'm curious why it wasn't needed for you.

Screen.Recording.2025-05-12.at.10.08.55.mov

[saw-jan]

This is how I've tried it. Note that inside the script I had to add browser.newContext({ ignoreHTTPSErrors: true }); in order to make it work for me. Maybe that makes a difference? I'm curious why it wasn't needed for you.

I have it as launchOptions args in the playwright config. Yeah, the same setup is working fine in my VM but not on my host machine 😢
And when using the following patch, it works:

const getResponseBody = async () => { 
  if (request.request.method() === 'HEAD') {
    return Buffer.from('');
  }
...

The problem occurs with the following event:

playwright/packages/playwright-core/src/server/chromium/crNetworkManager.ts

Line 388 in cd32b0a

const resource = await session.send('Network.loadNetworkResource', { url: request.request.url(), frameId: this._serviceWorker ? undefined : request.request.frame()!._id, options: { disableCache: false, includeCredentials: true } });

[mxschmitt]

Can you try printing the URL of which resource the body is requested? Its something like console.log(request.request.url())

[saw-jan]

This is the url: https://localhost:9200/remote.php/dav/spaces/0f51f613-940f-4340-8935-99beb6962582%2488a8a196-985a-47c5-8d3a-39616e32f1f5/selenium.png

[mxschmitt]

Maybe you have other custom options set somewhere? Does this happen on a new project created via npm init playwright test-project?

For me Network.loadNetworkResource fails and does not produce any credential dialog.

[saw-jan]

This is my playwright config:
NOTE: I removed launchOptions and used { ignoreHTTPSErrors: true } while creating browser context.

import { defineConfig, devices } from '@playwright/test'

export default defineConfig({
  timeout: 30000,
  use: {
    browserName: 'chromium',
    headless: false,
  },
  projects: [
    {
      name: 'chromium',
      use: { ...devices['Desktop Chrome'] },
    },
  ],
})

[saw-jan]

Maybe you have other custom options set somewhere? Does this happen on a new project created via npm init playwright test-project?

Same error even with this setup as well. I can reproduce it on Ubuntu-22.04 and Ubuntu-24.04 host machines.
But when using VMs and docker container, it seems to work just fine. couldn't find what's the real cause.

[mxschmitt]

I assume you are on amd64? Which Desktop environment are you using? KDE/xfce? Does the test fail or is the issue only that the credentials dialog appears?