Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core(navigation): Add an option to ignore https errors during navigation #7574

Closed
wants to merge 13 commits into from
Closed

core(navigation): Add an option to ignore https errors during navigation #7574

wants to merge 13 commits into from

Conversation

Janpot
Copy link
Contributor

@Janpot Janpot commented Mar 19, 2019

Summary

Adds an option, similar like puppeteer, to ignore https errors during page navigation.
I'm still planning to add tests, but opening a PR for discussion.

IMO, If the intent is to encourage people to sort out their security, then I think this should be turned into an audit, rather than a hard error.

Describe the need for this change

I'd like to be able to run lighthouse on pages that didn't sort out their security yet. And be able to extend lighthouse to include an audit that reflects the chrome security state.

Related Issues/PRs

@Janpot
core(navigation) Add an option to ignore https errors during navigation
261213b 
Adds an option, similar like puppeteer, to ignore https errors during page navigation.
I'm still planning to add tests, but opening a PR for discussion.

IMO, If the intent is to encourage people to sort out their security, then I think this should be turned into an audit, rather than a hard error.
@Janpot Janpot changed the title core(navigation) Add an option to ignore https errors during navigation core(navigation): Add an option to ignore https errors during navigation Mar 19, 2019
patrickhulce
patrickhulce reviewed Mar 19, 2019
View reviewed changes
Copy link
Collaborator

@patrickhulce patrickhulce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks very much for jumping in on this one @Janpot! driver-test.js should hopefully be much easier to navigate and update these days

more discussion is in #6655, but I, at least, believe this is the direction we should go 👍

@Janpot
Copy link
Contributor Author

Janpot commented Mar 19, 2019

@patrickhulce could it be that there is a broken/flaky test ((http://localhost:10200/tricky-main-thread.html?setTimeout))? Can't seem to reproduce locally, and I'm not sure how it's related.

@patrickhulce
Copy link
Collaborator

could it be that there is a broken/flaky test ((http://localhost:10200/tricky-main-thread.html?setTimeout))?

Yeah it's only failing on appveyor we've yet to look into it. Debugging appveyor-only failures isn't the easiest/most fun thing to do :)

patrickhulce
patrickhulce reviewed Mar 19, 2019
View reviewed changes
Copy link
Collaborator

@patrickhulce patrickhulce left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks great to me @Janpot! Might want to hold off on writing tests until there's some other consensus this is the direction we want to go, but I like it 👍

@Janpot Janpot marked this pull request as ready for review March 20, 2019 06:39
@Janpot
Copy link
Contributor Author

Janpot commented Apr 1, 2019

@brendankenny @paulirish Any input on how to proceed here? I don't need this merged exactly tomorrow but it would be helpful for me to at least know what's the line of thinking on this of the team.

IMO lighthouse should treat security errors in a similar way as the http-status-code audit. Basically, accept insecure urls and use the Security.securityStateChanged to craft an audit that fails on those. I don't mind working on a PR for this.

@connorjclark
Copy link
Collaborator

I think this is great. Asking people to muck with certificates has proven to be too big an ask. I'll go ahead and update this branch w/ master.

@connorjclark connorjclark mentioned this pull request Apr 18, 2019
Closed
@paulirish paulirish mentioned this pull request Apr 19, 2019
Closed
@lbineau
Copy link

lbineau commented Apr 26, 2019

+1 for merging this feature, I cannot audit local website with invalidate HTTPS certificate.

@zzo
Copy link

zzo commented May 2, 2019

+1 please merge :)

@paulirish paulirish mentioned this pull request May 5, 2019
Merged
@vitalyzhakov
Copy link

I have interesting to merge this pull, because I want to make our website better.
Can I help something to do this big thing?

@infostreams infostreams mentioned this pull request May 21, 2019
Closed
@paulirish
Copy link
Member

closing in favor of #8865

@paulirish paulirish closed this May 25, 2019
@brendankenny brendankenny mentioned this pull request Jun 3, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@patrickhulce patrickhulce patrickhulce left review comments

@brendankenny brendankenny Awaiting requested review from brendankenny

@paulirish paulirish Awaiting requested review from paulirish

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@Janpot @patrickhulce @connorjclark @lbineau @zzo @vitalyzhakov @paulirish