How to run Lighthouse programmatically behind an authentication wall? - lighthouse

I would like to run a Lighthouse audit behind an authentication wall. For example, below I tried to run Lighthouse using PageSpeed Insights to a URL that usually resolves to my Gmail account. However, as seen below, the Lighthouse audit ran against the sign in page, not my Gmail.
Therefore, how can I run Lighthouse programmatically behind an authentication wall? I understand that I can log in to a page, navigate to the DevTools -> Audits page, and manually run an audit; however, I would like to figure out a way to do this programmatically (via PageSpeed Insights API call or via DevTools in a programmatic way is best, but via NodeJS is OK too).

You cannot do this 'out of the box' with just lighthouse.
google-lighthouse-puppeteer however allows you to use puppeteer to handle the login first and then run lighthouse.
It is a steep learning curve but once you master puppeteer it opens up lots of automated testing capabilities.
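The Puppeteer-then-Lighthouse flow this answer describes, as an added example that uses the `puppeteer` and `lighthouse` npm packages directly (it is not code from the answer or from google-lighthouse-puppeteer). The URLs, selectors and the `AUDIT_USER`/`AUDIT_PASS` environment variables are assumptions; the final check catches the failure from the question, where the audit silently lands on the sign-in page.

```javascript
// Added example: URLs, selectors and env var names are placeholders (assumptions).

// Chrome's remote-debugging port, read from Puppeteer's WebSocket endpoint
// (e.g. "ws://127.0.0.1:9222/devtools/browser/<id>").
function debugPort(wsEndpoint) {
  return Number(new URL(wsEndpoint).port);
}

// True when the audit ended on another origin or path than requested, which is
// what happens when the session is missing and the app redirects to sign-in.
function wasRedirected(requestedUrl, finalUrl) {
  const norm = (u) => {
    const x = new URL(u);
    return x.origin + x.pathname.replace(/\/+$/, ''); // ignore trailing slash
  };
  return norm(requestedUrl) !== norm(finalUrl);
}

async function auditBehindLogin({ loginUrl, targetUrl, selectors }) {
  // Loaded lazily so the helpers above work without the packages installed.
  const { default: puppeteer } = await import('puppeteer');
  const { default: lighthouse } = await import('lighthouse');

  const browser = await puppeteer.launch({ headless: true });
  try {
    const page = await browser.newPage();
    await page.goto(loginUrl, { waitUntil: 'networkidle2' });
    // Credentials come from the environment, not from source control.
    await page.type(selectors.user, process.env.AUDIT_USER);
    await page.type(selectors.pass, process.env.AUDIT_PASS);
    await Promise.all([page.waitForNavigation(), page.click(selectors.submit)]);
    await page.close();

    // Same Chrome instance, so Lighthouse inherits the logged-in session.
    const { lhr, report } = await lighthouse(targetUrl, {
      port: debugPort(browser.wsEndpoint()),
      output: 'html',
      disableStorageReset: true, // keep storage-based session state
    });
    const finalUrl = lhr.finalDisplayedUrl || lhr.finalUrl;
    if (wasRedirected(targetUrl, finalUrl)) {
      throw new Error(`audit landed on ${finalUrl}, not ${targetUrl}`);
    }
    return report; // HTML report as a string
  } finally {
    await browser.close();
  }
}
```

Use a dedicated low-privilege test account for the audit, since its password sits in the CI environment.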

There seems to be an NPM distribution for Lighthouse:
https://www.npmjs.com/package/lighthouse
Following the examples you should be able to use it with something like this:
lighthouse --output html --output-path ./report.html

Related

How can I ensure a persistent connection to a specific GCP Cloud Run instance?

I've built an app (with flask, flask-login and dash) on GCP Cloud Run. The app allows users to login, look at some fancy dashboards and leave comments on certain pages. It works great performance-wise: instances spin up quickly for users with minimal lag, the BigQuery interface I built works great and pub/sub messages sent from user interactions do exactly what they're supposed to do.
The only issue I'm having right now is that there's something weird about which instance of a container a user connects to. What will often happen is a user will login to my app via their browser successfully, and then when navigating to another password-protected page will receive a 401 error (seemingly randomly).
My belief is that this behavior is happening because the navigation request (clicking a link to another password protected page) from the user to another password protected page spins up another Cloud Run instance. Is there any way to force Cloud Run to maintain a specific instance of my container for a given request? So that if a user logs in and then navigates GCP doesn't take the next request and decide to autoscale?
I've experimented with setting the maximum number of requests for the app's frontend container to 1 but it doesn't seem to improve this behavior which happens sporadically throughout a given user's session.
To clarify, the frontend part of the app is still usable, but it is an annoying user experience to constantly have to login again.
Any help or guidance is appreciated!
The answer was as simple as turning on session affinity per #DazWilkin's comment.
What I did:
Went to the Cloud Run dashboard on GCP and selected the service of interest
Clicked "Edit and Deploy New Revision"
Went to the "Connections"
Checked the box next to the "Session affinity" preview feature
Clicked deploy
This ended up completely solving the problem!

Google YOLO stopped working: The client origin is not permitted to use this API

I assume it has something to do with this:
For me Google one Tap stopped working on all my sites that previously worked. I added API HTTP refer to restriction in console.developer.com, but I still get a warning message "The client origin is not permitted to use this API." any thoughts? If you go to the page https://www.wego.com/ you can see that Google one tap still works...
https://news.ycombinator.com/item?id=17044518#17045809
but Google YOLO stopped working for everyone. I use it, like many people, for login and it just stopped working.
My domains are obviously added on console.developers.google.com
Any ETA for fixing this? Some information would be great for people who rely on it.
Google YOLO is not disabled. It is open to a small list of Google Partners.
The reason you were able to access it earlier was because it was open for a short period of time but the whitelist is now readded/enabled.
Reference:
https://twitter.com/sirdarckcat/status/994867137704587264
Google YOLO was put on a whitelist after a client-side exploit became clear to Google.
People could cover the login button of the prompt with something like a cookie consent (which we all know people automatically accept).
Therefore, people could easily steal their Gmail or other details. Due to this, Google decided to put it on a whitelist and review the sites that are using this technology in order to ensure that they are using it as they should.
Google retroactively labeled One-Tap as a "closed beta".
https://developers.google.com/identity/one-tap/web
The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.
The link for the entire project is currently 404, but the beta statement is visible on the wayback machine.

Can we manage the silent print always by PHP or Jquery

print.print_always_silent is used to print the page without the print dialog box. My question is, can we do this by PHP / jQuery code? Please help me to know well about this.
I hope not. That would mean any website could print any document from my printer when they want. Would be a huge security hole imho
This is certainly not possible through the browser with PHP, which runs on the server. It's also not possible with JavaScript: browser security ensures that. Imagine what might happen if any web site could print whenever it wanted to.
There are (or were) ActiveX controls available for IE that enabled this. It might be possible with a browser extension for Chrome or Firefox if you want to explore that.
One other possibility is setting up a printer on Google Cloud Print and having your PHP server print directly to that, bypassing the browser altogether. Handling the authentication behind such a scheme could be tricky, but the API is documented on Google's site.

With firebug stop loading so can see requests

I am trying to analyze a POST request using Firebug. Using the Net panel I can see the request; however, when the POST succeeds the page then reloads and I only have a couple of seconds to actually look at the request and see what is going on. Is there a way I can pause it, much like when analyzing scripts using this tool?
There is a "Persist" button on some of the tabs in Firebug. Just make sure to click it before doing your post.
[edit] Second row, third button from the left, on the Console and Net tabs.
Even better, if you're on Windows you can use Fiddler - an amazing and free HTTP debugger developed by some important guy on the Microsoft IE team.
With it you can conditionally intercept GET or POST requests, inspect and change parameters, break on responses, change responses (headers or body), reissue old requests and generally screw with your application during development.
Simply one of the most useful web development tools. Ever.
May require a little tweaking for localhost - see here
One solution would be to remove the refresh of the page from your code.
Then run your code to see the results.
You can use the Web Developer tools plugin for Mozilla Firefox, and disable meta redirects.

Taking a screenshot of user's current page in Ruby on Rails

This is for debugging purposes, please take into account the following:
1. The user logs in to his/her account, so manually fetching a URL will not work - the screenshot must happen together when the user accesses his admin pages.
2. I would love to receive guidelines specific to Ruby on Rails and Heroku (I guess Heroku is not much of an issue, I just dump the screenshot to S3).
3. So ideally, like I mentioned in #1, when a user accesses a page, my app also takes a screenshot of the entire page and dumps it in a tmp folder.
Can anyone point me to how to handle that?
In order to get a screenshot of what the user is currently seeing, you have to have some code on the user's machine that uses the underlying operating system API to take the screenshot. The API calls involved are different for Windows, Mac OS X and Linux.
Ruby on Rails executes on the remote server and generates HTML and JavaScript etc. that is sent to the user's web browser. The HTML is rendered by the browser and the JavaScript executes within the browser's sandbox, where it has no direct access to the operating system API. The important point is that there is no direct interaction between the server-side code and the OS running on the user's computer. If this were possible then it would be a massive security hole.
Therefore it's not possible to do what you want programmatically unless you can first install a client-side program on the user's computer that can talk to your server-side code. It cannot be done using Ruby on Rails alone because it's a server-side web framework.
You can't do this without a user sending a screenshot themselves.
