I’m working on a project with Playwright and I’ve run into a snag. My setup includes a reverse proxy in a pod that converts the hostname to localhost. The problem is I need all requests to use http instead of https.
When I try to access my API through the headless browser, I get an error about mixed content. It says the page was loaded over HTTPS but I’m requesting an insecure resource over HTTP. The browser is blocking this request.
Here’s a simplified version of the error:
Error: Mixed Content
Secure page loaded, insecure resource blocked
Requested: http://myapi.example.com/?user=johndoe
Does anyone know how to fix this? I really need to use HTTP for my specific setup. Is there a way to configure Playwright or the browser to allow these insecure requests? Any help would be great!
have u tried using page.setExtraHTTPHeaders()? u can set it to downgrade the content security policy. like this:
await page.setExtraHTTPHeaders({
‘Content-Security-Policy’: ‘upgrade-insecure-requests’
});
it might help bypass the mixed content error. lmk if it works!
Have you considered using a service worker to intercept and modify requests? This approach can be effective for handling mixed content issues in headless environments.
Here’s a basic implementation:
await page.evaluateOnNewDocument(() => {
if ('serviceWorker' in navigator) {
navigator.serviceWorker.register('/sw.js', { scope: '/' });
}
});
In your service worker file (sw.js), you can intercept requests and modify them:
self.addEventListener('fetch', event => {
let url = new URL(event.request.url);
if (url.protocol === 'https:') {
url.protocol = 'http:';
event.respondWith(fetch(url, event.request));
}
});
This method allows you to handle the protocol switch without modifying your main script. It’s a clean solution that works well in many scenarios. Just ensure you’re aware of the security implications of downgrading to HTTP.
Hey there! I’ve dealt with similar issues before, and I think I might have a solution for you. Have you considered using request interception? It’s a powerful feature in Playwright that can help you modify requests on the fly.
Here’s what you can do:
await page.route('**/*', (route, request) => {
let url = request.url();
if (url.startsWith('https://')) {
url = url.replace('https://', 'http://');
route.continue({ url });
} else {
route.continue();
}
});
This code intercepts all requests and changes HTTPS to HTTP. It’s worked wonders for me in similar situations. Just make sure to add this before navigating to your page.
Remember though, this is a workaround and might have security implications. In the long run, it’s better to address the root cause if possible. Have you considered talking to your DevOps team about reconfiguring the reverse proxy to handle HTTPS internally? That could be a more permanent solution.
Let me know if this helps or if you need any clarification!