playwright
[Docs] Look into --auth-server-allowlist="_" Chromium flag
```java
if (browserName.equalsIgnoreCase("Chrome")) {
    page = getBrowser(playwright, browserName)
        .launch(new BrowserType.LaunchOptions()
            .setHeadless(false)
            .setChannel("chrome")
            .setArgs(List.of("--start-maximized", "--incognito")))
        .newContext(new Browser.NewContextOptions().setViewportSize(null))
        .newPage();
}
```
This is my code snippet
You don't need to specify the args. Each BrowserContext is isolated. It might not look like an incognito tab, but they are isolated. On the web there is no notion of an incognito tab, so the web page you are testing can't tell the difference.
Does this help?
@mxschmitt and @kiranbandaqa, I am also seeing that Chromium in Playwright is not truly incognito.
When I launch my application in a Playwright test, with no cookies/origins set, I am presented with "Continue as User X". It recognizes me.
Test cases to confirm this behavior is because Playwright's version of Chromium "isolated" is not the same as Chromium incognito:
- Open application in Chromium using Playwright: I see "Continue as User X" and can continue with SSO.
- Open application in Chromium using Playwright with `launchOptions.args` including `--incognito`: I see "Continue as User X" and can continue with SSO.
- Open application in Chromium locally (No Playwright): I see "Continue as User X" and can continue with SSO.
- Open application in Chromium with flag `--incognito`: The browser has no idea who I am - I am forced to provide credentials.
- Open application in Chromium using Playwright in GitHub workflow runner: The browser has no idea who I am - I am forced to provide credentials.
While it runs as I would expect on the CI server, it should mirror my local runs. Especially if the browsers are truly isolated here.
It's clear the issue lies in the fact some local credentials cache is being picked up when Chromium is not truly run in incognito mode, but I am at a loss as to how to prevent it from happening.
Any ideas as to what might be wrong here, or guidance on getting parity between local Chromium --incognito and Playwright's version of browser isolation?
@0x533435353447 where do you see "Continue as User X"? Could you provide us more details / screenshot? This would help us to reason about where this is coming from. From a website standpoint, in e.g. JavaScript, storage, like cookies etc. we are fully isolated - this is one of Playwright's core capabilities.
(There is a known issue about AAD auth - maybe you are encountering this)
Thanks @mxschmitt, the "Continue as User X" appears on one of our authentication/login systems that protects the application under test, where X is the name of the user it has detected. So, http://my-applications redirects to https://login-application (where "Continue as User X" appears). The user is alternatively redirected to an http://sso-application if a user is not detected, which is actually what I would expect in all cases.
But on my local machine, X is always me, unless I spin up a local incognito browser outside of Playwright.
> (There is a known issue about AAD auth - maybe you are encountering this)
We are not using AAD in this case. The authentication system is internal.
> From a website standpoint, in e.g. JavaScript, storage, like cookies etc. we are fully isolated - this is one of Playwright's core capabilities.
I've debugged the test, and peeked into cookies/storage and I'm not seeing anything.
Is there a reason why Chromium does not appear to be in incognito mode when Playwright tests run? e.g. I would expect to see the Incognito badge in the browser menu bar as below.
Passing launchOptions.args of --incognito makes no difference (despite it making a huge difference locally in terms of test reproducibility).
> But on my local machine, X is always me, unless I spin up a local incognito browser outside of Playwright.
Would love to learn more about this! So any screenshots / more details what this auth uses under the hood are appreciated.
> Is there a reason why Chromium does not appear to be in incognito mode when Playwright tests run? e.g. I would expect to see the Incognito badge in the browser menu bar as below.
Chromium recently changed the UI a bit; while it doesn't look like Incognito anymore, it is still incognito. See this lengthy discussion if you are curious. In a nutshell: nothing has changed in the past few releases from a technical perspective, only the Chromium UI doesn't make it look like incognito anymore.
I'll try gather some more details on the flow of events and report back.
@mxschmitt, after some further digging based on the link you sent, I've realized my problem is best described by #13954.
I am in fact using an AAD enrolled machine and that was the culprit behind the login screen knowing more about me than expected!
My solution per the linked issue was to pass in --auth-server-allowlist="_" to the launchOptions.args configuration, and set some empty httpCredentials under contextOptions. All from playwright.config.ts.
Is there a reason why --auth-server-allowlist="_" is not passed in as a default launch parameter to further the isolation? Without it, one can expect to see different results running tests on a CI server if they scripted the tests to interact with a login page differently.
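The workaround described in the comment above, sketched for playwright.config.ts as an added example (not code from the thread or from the Playwright project). The helper names `isolatedUse` and `withAuthAllowlist` are hypothetical, and the empty username/password is an assumed reading of "empty httpCredentials".

```typescript
// Added example: builds the `use` section so a locally enrolled machine's
// ambient SSO identity is not offered to the login page under test.

type HttpCredentials = { username: string; password: string };

interface IsolatedUse {
  launchOptions: { args: string[] };
  contextOptions: { httpCredentials: HttpCredentials };
}

// Flag exactly as written in the thread; it is passed verbatim to Chromium.
const ALLOWLIST_FLAG = '--auth-server-allowlist="_"';

// Drop any allowlist flag already present (e.g. inherited from a shared
// base config) so only the value from the thread is in effect.
function withAuthAllowlist(args: string[]): string[] {
  const rest = args.filter((a) => !a.startsWith('--auth-server-allowlist'));
  return [...rest, ALLOWLIST_FLAG];
}

function isolatedUse(extraArgs: string[] = []): IsolatedUse {
  return {
    launchOptions: { args: withAuthAllowlist(extraArgs) },
    // Assumption: "empty httpCredentials" means empty username and password.
    contextOptions: { httpCredentials: { username: '', password: '' } },
  };
}

// Plain config object; '--start-maximized' is just a sample extra argument.
const config = {
  projects: [
    { name: 'chromium', use: { browserName: 'chromium', ...isolatedUse(['--start-maximized']) } },
  ],
};
```

In playwright.config.ts, export `config` as the default export so local runs and CI runs launch Chromium with the same arguments.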
We had a discussion within the team about it. We need to understand the flag a bit better in order to act on it. What happens if you don't specify it? Once this is done, we are happy to either add it as a default or document it at least. Marking it as something to work on for the next version.
Why was this issue closed?
Thank you for your involvement. This issue was closed due to limited engagement (upvotes/activity), lack of recent activity, and insufficient actionability. To maintain a manageable database, we prioritize issues based on these factors.
If you disagree with this closure, please open a new issue and reference this one. More support or clarity on its necessity may prompt a review. Your understanding and cooperation are appreciated.