赛普拉斯-访问主站点时出现403禁止错误 [英] cypress - 403 forbidden error when visiting main site
问题描述
我正在尝试cy.visit()单页应用程序,该应用程序要求我在浏览器中加载的证书才能正确运行。运行测试时,它失败并显示403禁止错误。有一个可怕的解决方法,我在cypress / chrome浏览器窗口中打开一个新选项卡,然后直接转到我的Web应用程序,这会提示我几次选择我的证书,然后加载页面。如果随后重新加载测试,它将以某种方式保留我的证书选择,并直接转到页面并运行测试。如果必须像before或beforeEach循环中那样执行第二个cy.visit(),则它将返回403禁止错误。启动cypress / chrome浏览器时,证书提示似乎正在破坏测试,因为它通常会提示您选择证书。由于它是自动执行此操作的,因此不会出现提示,也不会发送/加载证书等,并且会出现403。
I am trying to cy.visit() my single page application that requires my certificate loaded in the browser to run correctly. When running a test, it fails with a 403 forbidden error. There is a terrible work-around where I open a new tab in the cypress/chrome browser window and go directly to my web app, which prompts for me to select my certificate a few times and then loads the page. If I then reload the test, it somehow keeps my certificate selections and goes straight to the page and runs the tests. If it has to do a second cy.visit() as in a before or beforeEach loop, it then returns the 403 forbidden error. It seems as though the certificate prompts are breaking the tests when it launches the cypress/chrome browser, since it normally prompts for a certificate selection. Since its automatically doing this, the prompt never happens, and the certificate is not sent/loaded, etc. and the 403 occurs.
有人遇到过这个问题并提出了吗?比我的解决方案更好的解决方案?
Has anyone encountered this and come up with a better solution than my work-around??
推荐答案
httpProxy.createProxyServer({
target: {
protocol: 'https:',
host: 'my-domain-name',
port: 443,
pfx: fs.readFileSync('path/to/certificate.p12'),
passphrase: 'password', },
changeOrigin: true,
}).listen(4440);
解决方案:
添加http代理服务器并在传出请求上附加PKI,因此说您将代理设置为侦听localhost:4440,因此现在您正在执行cy.visit( http :// localhost:4440 )。代理将visit()请求转发给主机 my-domain-name,并附加PKI。
Add a http proxy server and append the PKI on outgoing requests so say you set the proxy to listen to localhost:4440 so now you are doing cy.visit(http://localhost:4440). The proxy forwards the visit() request to the host:'my-domain-name' and appends the PKI.
出于某种原因,赛普拉斯在幕后所做的一切都会阻止赛普拉斯浏览器在PKI证书上加载/转发。您可能还需要使用cert utils在执行服务器数据库上安装cert https://www.systutorials.com/docs/linux/man/1-certutil/ 。 CY电子浏览器将自动加载安装在数据库上的证书,因此,重要的是,您只能在该证书上拥有访问被测应用程序的权限。想要在CI管道中运行时,可以全部在Ansible中完成。这是一个痛苦的设置,需要一些团队的努力,并且是一位乐于参与测试的优秀开发人员。赛普拉斯值得付出所有努力,因此,如果您现在还没有解决问题,那么请达夫希望您重新考虑使用它。
For some reason whatever Cypress is doing under the hood prevents the Cypress browser from loading/forwarding on the PKI cert. You will probably also need to install the cert on your execution server db using cert utils https://www.systutorials.com/docs/linux/man/1-certutil/. The CY electron browser will automatically load a cert that is installed on the db so it is important you only ever have certs on there that have permissions to access the application under test. This can all be done in Ansible when wanting to run in a CI pipeline. Was a painful set up and involved some team effort and a great dev who enjoys getting involved in test. Cypress has turned out to be worth all the effort so would deff hope you reconsider using if you haven't already solved it by now.
这篇关于赛普拉斯-访问主站点时出现403禁止错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
