CODEWITHSUNDEEP
javascriptseleniumselenium-webdriverwebdriverselenium-chromedriver
Lawrence Wagerfield
Lawrence Wagerfield

Reputation: 6611

Chrome is allowing insecure pages via WebDriver

Using Chrome 62 with Chrome Driver 2.33 and WebDriver 3.6.0, Chrome allows pages to load with bad SSL certificates -- it says "Not Secure" in the URL bar when the page opens, but the page is loaded none-the-less. If I access the page manually, then I get the expected 'blocker page'.

However, I want Chrome to reject the page via WebDriver just like Chrome does to human users.

Unfortunately I cannot find anyone else reporting this same problem (just lots of people reporting the exact opposite problem -- i.e. they want to allow insecure connections via WebDriver, but Chrome keeps blocking them!).

Is there a flag I can set (or prevent from being set if WebDriver is passing one to Chrome internally)?

const {Builder, Capabilities} = require('selenium-webdriver');

const driver = new Builder()
  .withCapabilities(Capabilities.chrome())
  .build();

driver.get('https://localhost/'); // Uses self-signed certificate.

Upvotes: 2

Views: 1499

Answers (1)

Florent B.
Florent B.

Reputation: 42528

By default, chromedriver accepts untrusted certificates.

To disable this feature, you'll have to exclude the switch ignore-certificate-errors:

var webdriver = require('selenium-webdriver');

var driver = new webdriver.Builder()
  .withCapabilities({
    'browserName': 'chrome',
    'goog:chromeOptions': {
      'args': ['disable-infobars'],
      'excludeSwitches': ['ignore-certificate-errors'],
      'prefs': { }
    }
  }).build();

driver.get("https://self-signed.badssl.com/")

Upvotes: 2

Related Questions