Impossible to local test Request API or third party libraries in assets in latest Google Chrome



Hi,




I've been doing small POC Freshdesk custom app to integrate information from our public facing API to Freshdesk. The eventual app will allow our support agents to check if contacts are authorized from our in-house mini-CRM, but for now, we're just doing a POC to check if its viable.




The POC app is very simple, it should only try to get a message form our public configuration API.




I've had no luck being able to local test this. I've tried the solution you mentioned here:




https://support.freshdesk.com/support/discussions/topics/314311




Unfortunately, in the latest Google Chrome, setting "Load unsafe content" has no effect on this. Please see the attached GIF screencast for a demonstration.




The Chrome version I am trying to test on is: Version 58.0.3029.96 (64-bit)




We have also had no luck local testing libraries being included as assets. As this app may grow in complexity over time, we would like to build it in ES6. We've tried building our app.js using browserify/babel transpiling as suggested here:




https://support.freshdesk.com/support/discussions/topics/315098/page/last




Directly building app.js that way does not work, as it will not pass `frsh validate`. We then tried building our ES6 code as a separate library and sending the built code to assets/, so that our app.js (in ES5) could include that library, where all the logic would live.




We'd prefer building the app that way, as building up everything we need using jQuery would be very long winded.




We also found that was impossible to test locally, due to the same problem with the local test plugin.




We are also required by internal procedures to be able to prove we have unit test coverage for all new code. Testing jQuery interactions is technically possible, but very time consuming, so we would much rather be able to build a third party library based on something like React, which is easier to test, and just include that as an asset.




Further, we are required to cover all business software with automated acceptance tests, to ensure no deployments break any important interactions in our systems. We can use the CodeceptJS framework to control a Chrome instance with your extension pre-installed, but there is no way in that case to automatically enable "Load unsafe content", so even if that did work in the current version of Chrome, it would not be possible for us to use it in our acceptance tests.




So, for this to work, we will need the local testing server to support HTTPS, that way, there will be no need to enable "Load unsafe content" in the browser, and it would benefit everyone by having a more robust and realistic test environment.




Is there any possibility of implementing that change in the local testing server, and what sort of time frame would we be looking at?




We need to develop this app quite urgently for our own business needs. Our developer account is dev@synaq.com, and our Freshdesk instance is synaq.freshdesk.com.




Also, the POC app as it is now is on GitHub for you to test. We've reverted it to ES5 and jQuery only, just to test the Request API for now. As it stands, local testing of that is not possible.




You can view the POC Git repository here:


https://github.com/synaq/freshHello




Please let us know as soon as possible.




Willem Viljoen


SYNAQ



freshdesklocaltestmixedcontentproblem_26758.gif

This topic has been closed for comments

5 replies


HI Willem,




The GIF is not clear, I was able to see only mouse pointers. Local testing of your app was able to pull data from your internal server




Please refer the attached screen and correct if I am missing something. 






Thanks


Mahesh


screenshot2017-05-05at1.50.09am_26771.pngscreenshot2017-05-05at1.50.36am_26771.png

Hi Mahesh,




Apologies, it looks like that screen cast never recorded properly. I can still reproduce the problem on my local Google Chrome, I've added some screen shots to illustrate. After clicking "Load unsafe content", the page refreshes, and the address bar shows Not Secure as expected, but Chrome still refuses to load the content, as per the screenshots.




This is using the latest version of Chrome, Version 58.0.3029.96 (64-bit), on MacOS.




Which Chrome version are you using?




Willem


screenshot2017-05-05at09.07.36_26775.pngscreenshot2017-05-05at09.07.29_26775.pngscreenshot2017-05-05at09.04.18_26775.pngscreenshot2017-05-05at09.04.09_26775.png

Hi Willem,




My version of chrome is 57.0.2987.133 (64-bit).




Can you check with HTTP status and response you get from dprouter (in chrome network tab), did you also try accessing  URL https://sta-q.synaq.com/public-api/v1/configs/freshdeskHello.json from your browser.




Thanks


Mahesh



Hi Mahesh,




Sorry for the late reply, I've been focussing on other projects as this one has gotten stalled. I am able to directly access https://sta-q.synaq.com/public-api/v1/configs/freshdeskHello.json, but my version of Chrome refuses to access dprouter at all, so there's no return from there.




The problem appears to be that the latest Mac version of Chrome is ignoring the Load unsafe content switch altogether. Having to set "load unsafe content" is also not possible in our acceptance testing harness, so we would have no way of setting up our automated tests to cover this in future.




What we really need is for the local test server to start serving HTTPS requests.




Thanks


Willem



@william


We tried in 58.0.3029.81 (64-bit) and also on chrome release notes there doesn't seem to be any major deprecation or change notice.




Can you try running chrome with the flag : '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome' --allow-running-insecure-content as suggested in https://superuser.com/questions/487748/how-to-allow-chrome-browser-to-load-insecure-content.




For the acceptance testing concern, we believe test frameworks can be configured to run using the flag : --allow-running-insecure-content



Eg. CodeceptJS framework



https://github.com/Codeception/CodeceptJS/blob/14c1e0958e339aad1f98125009dc5c3d1bcd6457/examples/codecept.conf.example.js





"WebDriverIO": {
desiredCapabilities: {
browserName: 'chrome',
chromeOptions: {
args: ["--allow-running-insecure-content"]
}
}
}



Reference links:
http://codecept.io/helpers/WebDriverIO/
https://github.com/SeleniumHQ/selenium/wiki/DesiredCapabilities
https://sites.google.com/a/chromium.org/chromedriver/capabilities
http://shareonsite.blogspot.in/2016/06/load-unsafe-script-using-selenium-web.html
http://stackoverflow.com/questions/32740900/webdriverio-selenium-pass-command-line-arguments-into-chrome-from-config-js-file