java Chrome 59 和使用 Selenium/Fluentlenium 的基本身份验证
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/44542740/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Chrome 59 and Basic Authentication with Selenium/Fluentlenium
提问by Dave
Chrome 59 has removed support for https://user:[email protected] URLs.
Chrome 59 已取消对 https://user:[email protected] URLs 的支持。
I have a test which was using this feature which has now broken, so I'm trying to replace it with a version which waits for the authentication popup and fills in the details. But the following doesn't work on Chrome (which doesn't see the auth popup as an alert):
我有一个使用此功能的测试,但现在已损坏,因此我尝试将其替换为等待身份验证弹出窗口并填写详细信息的版本。但是以下在 Chrome 上不起作用(它不会将身份验证弹出窗口视为警报):
alert().authenticateUsing(new UserAndPassword("test", "test"));
The selenium-only version has the same issue:
selenium-only 版本也有同样的问题:
WebDriverWait wait = new WebDriverWait(getDriver(), 10);
Alert alert = wait.until(ExpectedConditions.alertIsPresent());
alert.authenticateUsing(new UserAndPassword("test", "test"));
(based on the answer given here: How to handle authentication popup with Selenium WebDriver using Java)
(基于此处给出的答案:How to handle authentication popup with Selenium WebDriver using Java)
I can see several workarounds for handling this in FireFox, but nothing for Chrome. Is there any alternative approach?
我可以看到在 FireFox 中处理此问题的几种解决方法,但对于 Chrome 则没有。有什么替代方法吗?
回答by Dave
I'm sure Florent B's solutions are viable, but for retro-fitting an old test, I found that zoonabar's solution posted to this duplicate questionis easier to implement, takes considerably less code, and requires no special preparation of the test box. It also seems that it would be easier to follow for new developers looking at the code.
我确信 Florent B 的解决方案是可行的,但是为了改造旧测试,我发现发布到这个重复问题的zoonabar 解决方案更容易实现,需要的代码少得多,并且不需要对测试框进行特殊准备。对于查看代码的新开发人员来说,似乎也更容易理解。
In short: visiting any URL with credentials before visiting the URL under test (without credentials) will cause the browser to remember the credentials.
简而言之:在访问被测 URL(没有凭据)之前访问任何带有凭据的 URL 将导致浏览器记住凭据。
goTo("http://user:password@localhost"); // Caches auth, but page itself is blocked
goTo("http://localhost"); // Uses cached auth, page renders fine
// Continue test as normal
This may feel like a vulnerability in the browser which will be patched, but I think this is unlikely; the restriction has been imposed to avoid phishing risks (where the username chosen looks like a domain, e.g. "http://google.com:long-token-here-which-makes-the-real-domain-disappear@example.com/"), and this workaround for setting credentials doesn't pose the same risk.
这可能感觉像是浏览器中的一个漏洞,会被修补,但我认为这不太可能;施加限制是为了避免网络钓鱼风险(选择的用户名看起来像一个域,例如“ http://google.com:long-token-here-which-makes-the-real-domain-disappear@example.com /"),并且这种设置凭据的解决方法不会带来相同的风险。
回答by Florent B.
One solution is to run a transparent proxy to inject the header with the required credentials.
一种解决方案是运行透明代理以将所需凭据注入标头。
But another and easier solution is to create a small extension to automatically set the credentials:
但是另一个更简单的解决方案是创建一个小扩展来自动设置凭据:
https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46
https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46
回答by Anon
Over in https://bugs.chromium.org/p/chromium/issues/detail?id=435547#c33you can see a mkwst saying there was a bug regarding basic auth credentials and same origin sites made it into stable.
在https://bugs.chromium.org/p/chromium/issues/detail?id=435547#c33 中,您可以看到 mkwst 说存在关于基本身份验证凭据的错误,并且同源站点使其稳定。
If you use the "--disable-blink-features=BlockCredentialedSubresources" or go to a Chrome Canary build you may find that the original problem you were seeing is not happening any more...
如果您使用“--disable-blink-features=BlockCredentialedSubresources”或转到 Chrome Canary 版本,您可能会发现您看到的原始问题不再发生......
回答by trunkc
Florent B. found a solution with the help of a chrome extension, that is added on the fly in the selenium test. The extenion handles the basic auth credentials, if requiered:
Florent B. 在 chrome 扩展的帮助下找到了一个解决方案,该扩展是在 selenium 测试中即时添加的。如果需要,扩展程序处理基本身份验证凭据:
ChromeOptions options = new ChromeOptions();
options.addExtensions(new File("C:/path_to/credentials_extension.zip"));
driver = new RemoteWebDriver(new URL("http://127.0.0.1:9515"), options);
Chrome extension code:
https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46
(just modify username and password in background.js and then zip the files background.js and manifest.json to credentials_extension.zip)
Chrome扩展代码:https:
//gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46
(只需在background.js中修改用户名和密码,然后将background.js和manifest.json文件压缩到credentials_extension.zip)
Found here: Selenium - Basic Authentication via url
