TestCafe, HTTPS and Multi-browser testing

Question

We are developing a web application which we are creating UI tests with Testcafe 1.5. All of the sites we are testing are HTTPS. Our tests are either run locally or on SauceLabs (for multi browser testing).

We have been successfully testing for a long time using either the browser settings:

• "chrome:headless --allow-insecure-localhost"
• "chrome --allow-insecure-localhost"
• "saucelabs:[email protected]:Windows 10"

Local Chrome version is 80. To do this, we use the following code:

   const selfSignedSertificate = require("openssl-self-signed-certificate");
   let hostrunner = "localhost"; # We change this to ip.address() if running on Sauce
   const sslOptions = ssl
      ? {
          key: selfSignedSertificate.key,
          cert: selfSignedSertificate.cert
        }
      : null;
    createTestCafe(hostrunner, 1337, 1338, sslOptions)

However, if we try to use different browsers as below, it fails. Chrome exception - "Your connection is not private" and NET:ERR_CERT_COMMON_NAME_INVALID. Or IE exception "This site is not secure" and DLG_FLAGS_INVALID_CA.

• "saucelabs:[email protected]:Windows 10"
• "ie" Local IE is version 11.592.18362.0.

I tried the following code to use the actual web server certificates, but to no avail:

const fs = require('fs');
let hostrunner = "localhost"; # We change this to ip.address() if running on Sauce
const sslOptions = ssl
  ? {
      key: fs.readFileSync('ws-key.pem'),
      cert: fs.readFileSync('ws-cert.pem'),
      allowHTTP1: true
    }
  : null;
createTestCafe(hostrunner, 1337, 1338, sslOptions)

When run against local IE the certificate the browser is complaining about is issued to/by localhost. When run against SauceLabs on Chrome80, the certificate the browser complains about is issued to/by "Sauce Labs Tunnel Proxy".

Note: We are also using gherkin-testcafe 2.3.4

Can anyone point out what I need to change to get around these issues?

Answer 1

Based on the TestCafe Test HTTPS and HTTP/2 Websites topic, you need to explicitly set a flag for each browser so that they don't restrict the use of the self-signed certificate.

For instance, in Firefox, you can toggle the network.websocket.allowInsecureFromHTTPS option (Is there a equivalent of allow-insecure-localhost flag of Google Chrome in Firefox?). For IE, you can specify a similar argument if it is available (IE10 websocket allowInsecureFromHttps).

As for the saucelab testing, you would want to pass the corresponding browser arguments when running tests. However, note that the saucelabs browser provider does not support passing arguments to browser aliases (https://github.com/DevExpress/testcafe-browser-provider-saucelabs/issues/48).