Selenium - Basic Authentication via url
There were some updates in this link
as :
Chromium Issue 435547
Drop support for embedded credentials in subresource requests. (removed)We should block requests for subresources that contain embedded credentials (e.g. "http://ima_user:[email protected]/yay.tiff"). Such resources would be handled as network errors.
However, Basic Authentication functionality still works with Selenium 3.4.0, geckodriver v0.18.0, chromedriver v2.31.488763, Google Chrome 60.x and Mozilla Firefox 53.0 through Selenium-Java bindings.
Here is the example code which tries to open the URL http://the-internet.herokuapp.com/basic_auth with a valid set of credentials and it works.
Firefox:
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.firefox.FirefoxDriver;
public class BasicAuthentication_FF
{
public static void main(String[] args)
{
System.setProperty("webdriver.gecko.driver", "C:\\Utility\\BrowserDrivers\\geckodriver.exe");
WebDriver driver = new FirefoxDriver();
driver.navigate().to("http://admin:[email protected]/basic_auth");
}
}
Chrome:
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.chrome.ChromeOptions;
public class BasicAuthentication_Chrome
{
public static void main(String[] args)
{
System.setProperty("webdriver.chrome.driver", "C:\\Utility\\BrowserDrivers\\chromedriver.exe");
ChromeOptions options = new ChromeOptions();
options.addArguments("start-maximized");
options.addArguments("disable-infobars");
options.addArguments("--disable-extensions");
WebDriver driver = new ChromeDriver(options);
driver.navigate().to("http://admin:[email protected]/basic_auth");
}
}
Florent B.'s approach of calling .get on the URL twice worked for me with a slight modification. In JS:
driver
.get('http://admin:admin@localhost:8080')
.then( () => driver.get('http://localhost:8080') )
working on google chrome 62.0.3202.94 with ChromeDriver 2.33.506092 and the approach seems compatible with firefox 56.0.2 with geckodriver 0.19.1, and phantomjs 2.1.1 all under Debian linux 9.
What I believe is happening is the first call sets up the Authorization header sent by the browser. The second call removes the credentials from the URL and the credentials no longer are applied to subresources. The then
synchronizes the two requests ensuring order.
The basic authentication via url is blocked only for sub resources. So you could still use it on the domain:
driver.get("http://admin:admin@localhost:8080");
driver.get("http://localhost:8080/project");
You could also create a small extension to automatically set the credentials when they are requested:
options = webdriver.ChromeOptions()
options.add_extension(r'C:\dev\credentials.zip')
https://gist.github.com/florentbr/25246cd9337cebc07e2bbb0b9bf0de46