mirror of
https://github.com/microsoft/playwright.git
synced 2024-12-13 17:14:02 +03:00
fix(trace viewer): force https requests from https snapshots (#21317)
Set 'Content-Security-Policy: upgrade-insecure-requests' header for snapshots to force all `http` subresources into `https` and avoid blocked resources because of mixed-content. References #21263.
This commit is contained in:
parent
e222874445
commit
d9b0c58b96
@ -65,6 +65,13 @@ async function doFetch(event: FetchEvent): Promise<Response> {
|
||||
const request = event.request;
|
||||
const client = await self.clients.get(event.clientId);
|
||||
|
||||
// When trace viewer is deployed over https, we will force upgrade
|
||||
// insecure http subresources to https. Otherwise, these will fail
|
||||
// to load inside our https snapshots.
|
||||
// In this case, we also match http resources from the archive by
|
||||
// the https urls.
|
||||
const isDeployedAsHttps = self.registration.scope.startsWith('https://');
|
||||
|
||||
if (request.url.startsWith(self.registration.scope)) {
|
||||
const url = new URL(unwrapPopoutUrl(request.url));
|
||||
const relativePath = url.pathname.substring(scopePath.length - 1);
|
||||
@ -102,7 +109,10 @@ async function doFetch(event: FetchEvent): Promise<Response> {
|
||||
if (relativePath.startsWith('/snapshot/')) {
|
||||
if (!snapshotServer)
|
||||
return new Response(null, { status: 404 });
|
||||
return snapshotServer.serveSnapshot(relativePath, url.searchParams, url.href);
|
||||
const response = snapshotServer.serveSnapshot(relativePath, url.searchParams, url.href);
|
||||
if (isDeployedAsHttps)
|
||||
response.headers.set('Content-Security-Policy', 'upgrade-insecure-requests');
|
||||
return response;
|
||||
}
|
||||
|
||||
if (relativePath.startsWith('/sha1/')) {
|
||||
@ -126,10 +136,7 @@ async function doFetch(event: FetchEvent): Promise<Response> {
|
||||
return new Response(null, { status: 404 });
|
||||
|
||||
const lookupUrls = [request.url];
|
||||
// When trace viewer is deployed over https, Chrome changes http subresources
|
||||
// in snapshots to https, presumably to avoid mixed-content.
|
||||
// In this case, we additionally match http resources from the archive.
|
||||
if (self.registration.scope.startsWith('https://') && request.url.startsWith('https://'))
|
||||
if (isDeployedAsHttps && request.url.startsWith('https://'))
|
||||
lookupUrls.push(request.url.replace(/^https/, 'http'));
|
||||
return snapshotServer.serveResource(lookupUrls, snapshotUrl);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user