11

In my Selenium-Test (with chromedriver-2.24) I'm trying to access my webpage via basic authentication with the following statement: 

WebDriver driver  = ...;
driver.get("http://admin:admin@localhost:8080/project/");

But Google Chrome gives me the following warning in the console:

[Deprecation] Subresource requests whose URLs contain embedded credentials (e.g. https://user:pass@host/) are blocked. See https://www.chromestatus.com/feature/5669008342777856 for more details.

In the tagged link is mentioned that the support was dropped:

Drop support for embedded credentials in subresource requests. (removed)

My question now is, is there an other way to basic-authenticate from Selenium?

NOTE: this has not helped: How to Handle HTTP Basic Auth headers in Selenium Webdriver using Java ?

undetected Selenium
  • 183,867
  • 41
  • 278
  • 352
Lino
  • 19,604
  • 6
  • 47
  • 65
  • Try solution from: https://stackoverflow.com/a/44588777/5546988 – jadupl Jul 27 '17 at 09:46
  • @jadupl the solution suggested from the link doesn't work for me, the credentials are not cached after the first call... – Lino Jul 27 '17 at 09:58
  • Then probably only solution for You is to setup proxy server to which You will connect with WebDriver, and proxy server will add basic auth header – jadupl Jul 27 '17 at 10:13

6 Answers6

9

The basic authentication via url is blocked only for sub resources. So you could still use it on the domain:

driver.get("http://admin:admin@localhost:8080");
driver.get("http://localhost:8080/project");

You could also create a small extension to automatically set the credentials when they are requested:

options = webdriver.ChromeOptions()
options.add_extension(r'C:\dev\credentials.zip')

https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46

Florent B.
  • 41,537
  • 7
  • 86
  • 101
7

There were some updates in this link as :

Chromium Issue 435547 Drop support for embedded credentials in subresource requests. (removed)

We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:hunter2@example.com/yay.tiff"). Such resources would be handled as network errors.

However, Basic Authentication functionality still works with Selenium 3.4.0, geckodriver v0.18.0, chromedriver v2.31.488763, Google Chrome 60.x and Mozilla Firefox 53.0 through Selenium-Java bindings.

Here is the example code which tries to open the URL http://the-internet.herokuapp.com/basic_auth with a valid set of credentials and it works.

Firefox:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;

public class BasicAuthentication_FF 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.gecko.driver", "C:\\Utility\\BrowserDrivers\\geckodriver.exe");
        WebDriver driver =  new FirefoxDriver();
        driver.navigate().to("http://admin:admin@the-internet.herokuapp.com/basic_auth");
    }
}

Chrome:

import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;

public class BasicAuthentication_Chrome 
{
    public static void main(String[] args) 
    {
        System.setProperty("webdriver.chrome.driver", "C:\\Utility\\BrowserDrivers\\chromedriver.exe");
        ChromeOptions options = new ChromeOptions();
        options.addArguments("start-maximized");
        options.addArguments("disable-infobars");
        options.addArguments("--disable-extensions");
        WebDriver driver =  new ChromeDriver(options);
        driver.navigate().to("http://admin:admin@the-internet.herokuapp.com/basic_auth");
    }
}
undetected Selenium
  • 183,867
  • 41
  • 278
  • 352
2

Florent B.'s approach of calling .get on the URL twice worked for me with a slight modification. In JS:

driver
        .get('http://admin:admin@localhost:8080')
        .then( () => driver.get('http://localhost:8080') )

working on google chrome 62.0.3202.94 with ChromeDriver 2.33.506092 and the approach seems compatible with firefox 56.0.2 with geckodriver 0.19.1, and phantomjs 2.1.1 all under Debian linux 9.

What I believe is happening is the first call sets up the Authorization header sent by the browser. The second call removes the credentials from the URL and the credentials no longer are applied to subresources. The then synchronizes the two requests ensuring order.

Tongfa
  • 2,078
  • 1
  • 16
  • 14
2

New features for chrome and basic authentication via remote-debug: just for linking it here, so people who are stuck can find a solution for chrome and more: Chrome remote debugging in a seleniumgrid

Henning Luther
  • 2,067
  • 15
  • 22
2

Selenium 4 supports basic authentication

WebDriver driver = new ChromeDriver();
HasAuthentication authentication = (HasAuthentication) driver;
authentication.register(() -> new UsernameAndPassword("username", "pwd"));
driver.get("your-site.com");

https://www.selenium.dev/blog/2021/a-tour-of-4-authentication/

Sujit
  • 404
  • 5
  • 14
0

Such Basic authentication will not be supported directly using the selenium driver.get(URL) method to load a URL prompting for authentication within a JavaScript Popup, I was also stuck here for a long time. It's because of Chrome driver will not allow such authentication techniques after the update 59 (probably). There are still backdoors via Selenium using the JavaScript engine in the browser to load such URLs.

driver.get("https://www.google.com");
JavascriptExecutor jse = (JavascriptExecutor) driver;
URL = "https://username:password@www.example.com";
jse.executeScript("window.open('"+URL+"')");
TechRookie
  • 171
  • 2
  • 4