Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: validate client-certificates on context creation #32168

Merged
merged 1 commit into from
Aug 19, 2024
Merged

chore: validate client-certificates on context creation #32168

merged 1 commit into from
Aug 19, 2024

Conversation

mxschmitt
Copy link
Member

@mxschmitt mxschmitt commented Aug 15, 2024
edited
Loading

No description provided.

@mxschmitt mxschmitt force-pushed the validate-certs-on-context-creation branch from 807fcfa to 71d147a Compare August 15, 2024 07:28
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@mxschmitt mxschmitt force-pushed the validate-certs-on-context-creation branch from 71d147a to af899a6 Compare August 15, 2024 08:24
@github-actions GitHub Actions

This comment has been minimized.

Sign in to view
@mxschmitt mxschmitt requested a review from dgozman August 16, 2024 08:54
dgozman
dgozman reviewed Aug 16, 2024
View reviewed changes
packages/playwright-core/src/server/browserContext.ts Outdated
@@ -735,6 +736,25 @@ export function verifyClientCertificates(clientCertificates?: channels.BrowserNe
throw new Error('key is specified without cert');
if (cert.pfx && (cert.cert || cert.key))
throw new Error('pfx is specified together with cert, key or passphrase');
try {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we move this into ClientCertificatesProxy constructor (and a similar place in fetch), perhaps we can save the resulting secure context and reuse it? Perhaps that gives us a bit more clarity (created a context ones and the using it) and a small performance win?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to apply this feedback to the SocksCertificateProxy, there it seems to work out well. For the APIRequestContext, https.request unfortunately doesn't accept a tls.SecureContext - so we keep things there as it is.

This seems to be aligned with the goal of the PR: clear and fast user-feedback which seems to be the case now for both, browser and APIRequestAPI (like before) usage.

@mxschmitt mxschmitt force-pushed the validate-certs-on-context-creation branch from af899a6 to 2c8790e Compare August 18, 2024 07:39
@mxschmitt mxschmitt requested a review from dgozman August 18, 2024 08:02
@github-actions GitHub Actions
Copy link
Contributor

Test results for "tests 1"

2 flaky ⚠️ [webkit-page] › page/page-goto.spec.ts:182:3 › should properly cancel Cross-Origin-Opener-Policy navigation
⚠️ [playwright-test] › ui-mode-test-watch.spec.ts:254:5 › should queue watches

30034 passed, 860 skipped
✔️✔️✔️

Merge workflow run.

@mxschmitt mxschmitt merged commit faf4853 into microsoft:main Aug 19, 2024
30 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dgozman dgozman dgozman approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mxschmitt @dgozman