I’m trying to run integration tests on a local host (with no HTTPS) using selenium with ChromeDriver.
Chrome requires an https certificate, but from this question i understand that i can circumvent this using the arg --ignore-certificate-errors
I have also added to my capabilities acceptInsecureCerts
, as this seems like the appropriate course of action (docs)
The response from the chromedriver is still not what I was expecting:
This site can’t provide a secure connection app sent an invalid response. ERR_SSL_PROTOCOL_ERROR
My code is below:
from selenium import webdriver from selenium.webdriver.chrome.options import Options # make options (principally to ignore certificate) options = webdriver.ChromeOptions() options.add_argument('--ignore-certificate-errors') # add acceptInsecureCerts capabilities = options.to_capabilities() capabilities['acceptInsecureCerts'] = True print(capabilities) # see below driver = webdriver.Remote( command_executor=SELENIUM_HUB, desired_capabilities=capabilities ) print(driver.__dict__) # see further below app_login_url = 'http://app:8000/accounts/login/' driver.get(app_login_url)
My capabilities:
{'acceptInsecureCerts': True, 'browserName': 'chrome', 'goog:chromeOptions': {'args': ['--ignore-certificate-errors'], 'extensions': []}, 'platform': 'ANY', 'version': ''}
Here is my driver info, it looks like only the acceptInsecureCerts
arg has been taken into account:
{'_file_detector': <selenium.webdriver.remote.file_detector.LocalFileDetector object at 0x7fb42bde10f0>, '_is_remote': True, '_mobile': <selenium.webdriver.remote.mobile.Mobile object at 0x7fb42bb5e400>, '_switch_to': <selenium.webdriver.remote.switch_to.SwitchTo object at 0x7fb42bdd4898>, 'capabilities': {'acceptInsecureCerts': True, 'acceptSslCerts': True, 'applicationCacheEnabled': False, 'browserConnectionEnabled': False, 'browserName': 'chrome', 'chrome': {'chromedriverVersion': '74.0.3729.6 ' '(255758eccf3d244491b8a1317aa76e1ce10d57e9-refs/branch-heads/3729@{#29})', 'userDataDir': '/tmp/.com.google.Chrome.vc1ZvB'}, 'cssSelectorsEnabled': True, 'databaseEnabled': False, 'goog:chromeOptions': {'debuggerAddress': 'localhost:40815'}, 'handlesAlerts': True, 'hasTouchScreen': False, 'javascriptEnabled': True, 'locationContextEnabled': True, 'mobileEmulationEnabled': False, 'nativeEvents': True, 'networkConnectionEnabled': False, 'pageLoadStrategy': 'normal', 'platform': 'Linux', 'proxy': {}, 'rotatable': False, 'setWindowRect': True, 'strictFileInteractability': False, 'takesHeapSnapshot': True, 'takesScreenshot': True, 'timeouts': {'implicit': 0, 'pageLoad': 300000, 'script': 30000}, 'unexpectedAlertBehaviour': 'ignore', 'version': '74.0.3729.169', 'webStorageEnabled': True, 'webdriver.remote.sessionid': '1cf77f237e966bac6ca15d4d9c107423'}, 'command_executor': <selenium.webdriver.remote.remote_connection.RemoteConnection object at 0x7fb42be0cf98>, 'error_handler': <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7fb427d08a20>, 'session_id': '1cf77f237e966bac6ca15d4d9c107423', 'w3c': False}
Why am i still seeing the ERR_SSL_PROTOCOL_ERROR
?
Advertisement
Answer
This error message…
This site can’t provide a secure connection app sent an invalid response. ERR_SSL_PROTOCOL_ERROR
…implies that the ChromeDriver was unable to initiate/spawn a new WebBrowser i.e. Chrome Browser session on your localhost.
As you are seeing this issue on your local host (with no HTTPS) as per this comment a blind fold solution would be to add the argument
--allow-insecure-localhost
through chromeOptions()
as follows:
'goog:chromeOptions': {'args': ['--allow-insecure-localhost'], 'extensions': []}
However your main issue seems to be with the capabilities where you have set platform
being set s ANY
as follows:
{'acceptInsecureCerts': True, 'browserName': 'chrome', 'goog:chromeOptions': {'args': ['--ignore-certificate-errors'], 'extensions': []}, 'platform': 'ANY', 'version': ''}
As per WebDriver – W3C Living Document the platformName section mentions, the following platform names are in common usage with well-understood semantics and, when matching capabilities, greatest interoperability can be achieved by honoring them as valid synonyms for well-known Operating Systems:
Key System --- ------ "linux" Any server or desktop system based upon the Linux kernel. "mac" Any version of Apple’s macOS. "windows" Any version of Microsoft Windows, including desktop and mobile versions.
Note:This list is not exhaustive.
When returning capabilities from New Session, it is valid to return a more specific platformName, allowing users to correctly identify the Operating System the WebDriver implementation is running on.
So instead of passing "platform":"ANY"
within the desiredCapabilities object, a more specific "platform":"linux"
will be more desirable approach.
You can find a relevant and related discussion in Curl error thrown for http POST to /session with params: {“desiredCapabilities”:{“browserName”:“chrome”,“platform”:“ANY” with Selenium and PHPUnit
Some more information about the ChromeDriver, Chrome and Selenium Client vrsion would have helped us to analyze the issue in a better way. However as per ChromeDriver history the following issues related to handling of certificate errors were addressed in the last few releases of ChromeDriver:
- Allow handling certificate errors via DevTools: As the headless chrome cannot show a UI warning for SSL certificate errors a fix was released to expose the errors as DevTools events and control the action to take through a DevTools command.
- Provide ability to handle certificate errors in Chromedriver/Selenium for headless: Earlier certain security related options that was controlled via CLI switches in the UI version of Chromium (like
--ignore-certificate-errors
) were silently ignored and can only be set via devtools. So it was necessary to override and handlecertificateError
events on the browser-target DevTools client. A fix was released implementing the usage of the new DevTools method to override certificate error handling browser-wide which allowed ignoring certificate errors in headless mode too. - Global certificate error handling via DevTools: Previously DevTools allowed handling certificate errors for individual targets / WebContents, but when a new target was created (e.g. clicking on a target=_blank link), it was not often not possible to send the
Security.enable
/Security.setOverrideCertificateErrors
commands quickly enough before a navigation is attempted. A fix was published with a simpler “ignore all cert errors” mode instead deprecated the old override command in favor of a newsetIgnoreCertificateErrors
command which also exposes the Security domain on the browser target to facilitate applying this override globally for the whole browser.
Conclusion
- Ensure that the following arguments/capabilities are added:
--allow-insecure-localhost
acceptInsecureCerts
--ignore-certificate-errors
- As you are using
'chromedriverVersion': '74.0.3729.6'
ensure that you are also using'chrome': '74.0'
(as per ChromeDriver v74.0.3729.6 Release Notes) - Ensure that you are using the latest released Selenium v3.141.59 clients.