Basic auth in 4.0

[rdesgrange-lf]

Hi, and thank you for the amazing job you are doing with sitespeed.

I need to use http basic auth for certain website check, I found some old v3 issue, and nothing about this in the v4 doc. Do I need to use Selenium pre run script ?

In advance thanks !!!

[soulgalore]

Hey @rdesgrange-lf thanks for the kind words, we work hard to make things work :)

We have an issue for basic auth in Browsertime sitespeedio/browsertime#254 (it needs to be implemented there).

In 3.x if I remember correctly we added the basic auth in the proxy we used at that time, so when the proxy went away (it needed to go so we could get rid of the Java dependency and get a direct connection to the servers). The ugly fix today should be to add the username/pwd in the URL like: http://username:[email protected]

This is the issue in Selenium that needs to be fixed for us to be able to have cleaner solution.

Best
Peter

[soulgalore]

Track this in Browsertime.

[joebeaver89]

Hi @soulgalore - I don't know if I should open a new issue for this, but when i use the ugly fix (http://u:[email protected]) on a crawl, sitespeed.io doesn't crawl, just gives me the result for the first page. Is there something I am doing wrong?

Command running is sitespeed.io http://user:[email protected]/ -d 2 and I get the output

[2017-03-10 08:57:17] Versions OS: darwin 16.4.0 nodejs: v7.0.0 sitespeed.io: 4.5.1 browsertime: 1.0.0-beta.28 coach: 0.31.0
[2017-03-10 08:57:17] Starting chrome for analysing http://user:[email protected]/ 3 time(s)
[2017-03-10 08:57:17] Testing url http://user:[email protected]/ run 1
[2017-03-10 08:57:23] Testing url http://user:[email protected]/ run 2
[2017-03-10 08:57:29] Testing url http://user:[email protected]/ run 3
[2017-03-10 08:57:37] 88 requests, 2129.09 kb, firstPaint: 821ms (±73.57ms), DOMContentLoaded: 1.13s (±126.04ms), Load: 2.09s (±360.68ms), rumSpeedIndex: 1171 (±142.75) (3 runs)
[2017-03-10 08:57:38] Render HTML for 1 page(s)
[2017-03-10 08:57:40] HTML stored in /Users/jbeaver/Desktop/sitespeed-result/sub.domain.com/2017-03-10-08-57-17
[2017-03-10 08:57:40] Finished analysing http://user:[email protected]/

Is there any way to make a crawl work with this method?

[soulgalore]

Hey @joebeaver89 that seems like bug, we should make that work, I'll move code to a new issue and ping you there. See #1506

[kapilsaxena]

For the ugly fix, what if my password contains '@'? I tried to find out that it's not working. Appreciate any help here.

[soulgalore]

@kapilsaxena if you use Chrome we have a real fix now --browsertime.basicAuth (it will come to FF when Selenium support new WebExtensions). But I guess it will still be a problem because we split by the @-sign, hmm.

[tobli]

@kapilsaxena Since it's included in a URL, you just URL encode the username and password.

[tobli]

That said, I'm not sure it'll work anymore. At least Chrome should disregard credentials passed in the URL, for security reasons (it's easy to trick users).

[kapilsaxena]

I am aware of the *--browsertime.basicAuth *but as I mentioned it doesn't work when password contains '@'. I tried encoding URL with username/password but no success. So, in short, I am unable to use it for SSO based authentication. I am wondering if this can somehow be prioritized to fix. *-- Regards, * *Kapil Saxena*

…

On 19 July 2017 at 02:39, Tobias Lidskog ***@***.***> wrote: That said, I'm not sure it'll work anymore. At least Chrome should disregard credentials passed in the URL, for security reasons (it's easy to trick users). — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1419 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEZRoNkYTY8m0Fb7qdhOysmZojP0xWksks5sPR7ygaJpZM4LmmEr> .