Selenium - Basic Authentication via url
In my Selenium-Test
(with chromedriver-2.24
) I'm trying to access my webpage via basic authentication with the following statement:
WebDriver driver = ...;
driver.get("http://admin:admin@localhost:8080/project/");
But Google Chrome gives me the following warning in the console:
[Deprecation] Subresource requests whose URLs contain embedded credentials (e.g.
https://user:pass@host/
) are blocked. See https://www.chromestatus.com/feature/5669008342777856 for more details.
In the tagged link is mentioned that the support was dropped:
Drop support for embedded credentials in subresource requests. (removed)
My question now is, is there an other way to basic-authenticate from Selenium?
NOTE: this has not helped: How to Handle HTTP Basic Auth headers in Selenium Webdriver using Java ?
There were some updates in this link
as :
Chromium Issue 435547
Drop support for embedded credentials in subresource requests. (removed)We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:[email protected]/yay.tiff"). Such resources would be handled as network errors.
However, Basic Authentication functionality still works with Selenium 3.4.0, geckodriver v0.18.0, chromedriver v2.31.488763, Google Chrome 60.x and Mozilla Firefox 53.0 through Selenium-Java bindings.
Here is the example code which tries to open the URL http://the-internet.herokuapp.com/basic_auth with a valid set of credentials and it works.
Firefox:
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
public class BasicAuthentication_FF
{
public static void main(String[] args)
{
System.setProperty("webdriver.gecko.driver", "C:\\Utility\\BrowserDrivers\\geckodriver.exe");
WebDriver driver = new FirefoxDriver();
driver.navigate().to("http://admin:[email protected]/basic_auth");
}
}
Chrome:
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;
public class BasicAuthentication_Chrome
{
public static void main(String[] args)
{
System.setProperty("webdriver.chrome.driver", "C:\\Utility\\BrowserDrivers\\chromedriver.exe");
ChromeOptions options = new ChromeOptions();
options.addArguments("start-maximized");
options.addArguments("disable-infobars");
options.addArguments("--disable-extensions");
WebDriver driver = new ChromeDriver(options);
driver.navigate().to("http://admin:[email protected]/basic_auth");
}
}
The basic authentication via url is blocked only for sub resources. So you could still use it on the domain:
driver.get("http://admin:admin@localhost:8080");
driver.get("http://localhost:8080/project");
You could also create a small extension to automatically set the credentials when they are requested:
options = webdriver.ChromeOptions()
options.add_extension(r'C:\dev\credentials.zip')
https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46
Florent B.'s approach of calling .get on the URL twice worked for me with a slight modification. In JS:
driver
.get('http://admin:admin@localhost:8080')
.then( () => driver.get('http://localhost:8080') )
working on google chrome 62.0.3202.94 with ChromeDriver 2.33.506092 and the approach seems compatible with firefox 56.0.2 with geckodriver 0.19.1, and phantomjs 2.1.1 all under Debian linux 9.
What I believe is happening is the first call sets up the Authorization header sent by the browser. The second call removes the credentials from the URL and the credentials no longer are applied to subresources. The then
synchronizes the two requests ensuring order.
New features for chrome and basic authentication via remote-debug: just for linking it here, so people who are stuck can find a solution for chrome and more: Chrome remote debugging in a seleniumgrid