#2694 - Visiting PKI protected domains with cy.visit() - Exploratory PR

[matt-rhys-jones]

Issue

Hello! We are really enjoying using Cypress at the BBC, but some of our domains under test are protected with PKI, and we receive SSL errors when accessing them with cy.visit() because we can't pass our certificates through.

When researching this we noticed an issue had been raised a few days ago (not by us) - #2694 so we thought we'd try and have a go at adding support for certificate protected domains.

This PR resolves the issue for us, but we haven't contributed to Cypress before so this is a very naive implementation (which is why I haven't named the branch after the issue or proposed any documentation changes). I'm sure there's some context or complexities we're missing and would welcome your thoughts :)

Proposal

We felt that it may be useful to allow users to pass in key and cert options to cy.visit() which would contain their PKI credentials. These options can then be passed alongside existing ones so that, if a cert/key has been provided, they are included in the options provided to request as per their docs.

Usage

This PR would allow users to do something along the lines of:

# Export CYPRESS prefixed environment variables containing the contents of the crt/key files

export CYPRESS_CERT=$(cat /path/to/your/certificate.crt)
export CYPRESS_KEY=$(cat /path/to/your/certificate.key)

# index_spec.js

describe(('when accessing a PKI cert protected domain') => {
  it(('should not reject with an error') => {
      const options = {
          cert: Cypress.env('CERT'),
          key: Cypress.env('KEY')
      }
      
      cy.visit('https://cert-protected-domain', options)
  })
});

This approach seemed like the simplest way to get this working (and it worked for us) but I'm sure there's other options (e.g. plugins that use fs to read certs from the filesystem) that might be more suitable.

I hope this is useful and that we can look at ways of implementing this so that we can use Cypress more widely.

[CLAassistant]

All committers have signed the CLA.

[brian-mann]

See my comment here for discussion

[sforner405]

Any news on the PR?

[craigkj]

@sforner405 discussing on the issue. You could try out the fork that @matt-rhys-jones made to see if thats the kind of thing that might work for you though.

[jennifer-shehane]

The scope of fixing PKI is much larger than what's addressed in this PR and would require a brand new pull request, so we've decided to close this PR. Thank you for the work put in - it helped us wrap our head around what is necessary.

To read more about the entire scope or contribute ideas to the PKI proposal - see this issue comment