I’m working with automated browser testing using Playwright and running into a problem with mixed content warnings. My setup has a reverse proxy in the container that maps domain names to localhost, so I need all requests to use HTTP instead of HTTPS.
When my test tries to call an API endpoint, I get this mixed content error:
Mixed Content: The page at 'https://example-api.test/' was loaded over HTTPS, but requested an insecure resource 'http://example-api.test/[email protected]'. This request has been blocked; the content must be served over HTTPS
Is there a way to disable this security check or force all requests to use HTTP protocol? I have to use HTTP because of my proxy configuration.
try using the --ignore-certificate-errors-spki-list and --ignore-certificate-errors flags when starting playwright. also see if ur reverse proxy is auto-redirecting to HTTPS - that might be the cause of the mixed content issue. i faced the same prob and changing my proxy to serve everything on HTTP solved it.
I’ve faced a similar mixed content error while using Playwright for automated tests, and I understand how frustrating it can be. One effective way to resolve this is to launch Playwright with the --disable-web-security and --allow-running-insecure-content flags. Additionally, consider setting ignoreHTTPSErrors: true in your Playwright configuration, although this won’t specifically solve mixed content issues. In my experience, serving everything over HTTP has yielded the best results. Furthermore, leveraging Playwright’s request interception feature allows you to adjust the protocol for outgoing requests, simplifying the testing process.
I ran into this same issue and found the easiest fix was just bypassing the security restrictions in the browser context. Add --disable-features=VizDisplayCompositor and --unsafely-treat-insecure-origin-as-secure=http://example-api.test to your browser launch args. This makes the browser treat your HTTP origins as secure. Another thing that worked great in my containerized setup was changing the base URL config so all API calls start with HTTP instead of trying to intercept HTTPS requests later. Just make sure your test config matches what your proxy expects from the start.