Menu
Chrome 59 has removed support for https://user:[email protected] URLs.
I have a test which was using this feature which has now broken, so I'm trying to replace it with a version which waits for the authentication popup and fills in the details. But the following doesn't work on Chrome (which doesn't see the auth popup as an alert):
alert().authenticateUsing(new UserAndPassword("test", "test"));
The selenium-only version has the same issue:
WebDriverWait wait = new WebDriverWait(getDriver(), 10);
Alert alert = wait.until(ExpectedConditions.alertIsPresent());
alert.authenticateUsing(new UserAndPassword("test", "test"));
(based on the answer given here: How to handle authentication popup with Selenium WebDriver using Java)
I can see several workarounds for handling this in FireFox, but nothing for Chrome. Is there any alternative approach?
981
setPreference("network. http. phishy-userpass-length", 255); driver = new FirefoxDriver(profile); driver. get("http://username:[email protected]/");
The basic authentication process for both Chrome and Firefox browsers can be done by appending the username and password in URL of the page.
New Selenium IDE We can handle browser authentication with Selenium webdriver. We have to pass the credentials appended with the URL. The username and password must be added with the format: https://username:password@URL. Let us make an attempt to handle the below browser authentication.
Pass username and password in the URL For example, if you have basic authentication enabled in the www.example.com/index.html page then by passing username and password in the URL (refer the below code), you can avoid the login prompt and get authenticated automatically.
I'm sure Florent B's solutions are viable, but for retro-fitting an old test, I found that zoonabar's solution posted to this duplicate question is easier to implement, takes considerably less code, and requires no special preparation of the test box. It also seems that it would be easier to follow for new developers looking at the code.
In short: visiting any URL with credentials before visiting the URL under test (without credentials) will cause the browser to remember the credentials.
goTo("http://user:password@localhost"); // Caches auth, but page itself is blocked
goTo("http://localhost"); // Uses cached auth, page renders fine
// Continue test as normal
This may feel like a vulnerability in the browser which will be patched, but I think this is unlikely; the restriction has been imposed to avoid phishing risks (where the username chosen looks like a domain, e.g. "http://google.com:long-token-here-which-makes-the-real-domain-disappear@example.com/"), and this workaround for setting credentials doesn't pose the same risk.
See zoonabar's answer
146
One solution is to run a transparent proxy to inject the header with the required credentials.
But another and easier solution is to create a small extension to automatically set the credentials:
https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46
27
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
