[Bug]: NewTab doesn't work properly with Chrome on 1.45 with --disable-web-security

[unickq]

Version

1.45.0

Steps to reproduce

import { expect, test } from "@playwright/test";

test("1.45 debug", async ({ page }) => {
  await page.goto("https://www.w3schools.com/tags/tryit.asp?filename=tryhtml_link_target");
  await page.getByText("Accept all & visit the site").click();

  const page1Promise = page.context().waitForEvent("page");
  await page.frameLocator('iframe[name="iframeResult"]').getByRole("link", { name: "Visit W3Schools.com!" }).click();
  const page1 = await page1Promise;
// URL is printed
  console.log(page1.url());
// Expect stuck
  await expect(page1).toHaveURL(/w3schools/, { timeout: 2_000 });
// locator() doesn't work
  await expect(page1.getByText("Learn to Code")).toBeVisible({ timeout: 2_000 });
});

Expected behavior

Works as it worked on 1.44.1

Actual behavior

It gets stuck

Additional context

• 1.45.0 - built-in chromium 127 fails, Webkit and FF are ok
• 1.44.1 - built-in chromium 125 ok, Webkit and FF are ok

Environment

System:
    OS: macOS 14.5
    CPU: (8) arm64 Apple M2
    Memory: 47.66 MB / 16.00 GB
  Binaries:
    Node: 20.14.0 - ~/.volta/tools/image/node/20.14.0/bin/node
    npm: 10.7.0 - ~/.volta/tools/image/node/20.14.0/bin/npm
  IDEs:
    VSCode: 1.90.2 - /usr/local/bin/code
  Languages:
    Bash: 3.2.57 - /bin/bash
  npmPackages:
    @playwright/test: ^1.45.0 => 1.45.0

UPD:
--disable-web-security

[pavelfeldman]

I had to modify the script because

• original page is broken and never stops loading
• i am in the US and have no cookie dialog

test("1.45 debug", async ({ page }) => {
  await page.goto("https://www.w3schools.com/tags/tryit.asp?filename=tryhtml_link_target", { waitUntil: "domcontentloaded" });
  // await page.getByText("Accept all & visit the site").click();

  const page1Promise = page.context().waitForEvent("page");
  await page.frameLocator('iframe[name="iframeResult"]').getByRole("link", { name: "Visit W3Schools.com!" }).click();
  const page1 = await page1Promise;
// URL is printed
  console.log(page1.url());
// Expect stuck
  await expect(page1).toHaveURL(/w3schools/, { timeout: 2_000 });
// locator() doesn't work
  await expect(page1.getByText("Learn to Code")).toBeVisible({ timeout: 2_000 });
});

And it works for me on all browsers:

Running 3 tests using 3 workers
[chromium] › example.spec.ts:20:6 › 1.45 debug
https://www.w3schools.com/
[firefox] › example.spec.ts:20:6 › 1.45 debug
https://www.w3schools.com/
[webkit] › example.spec.ts:20:6 › 1.45 debug
https://www.w3schools.com/
  3 passed (8.3s)

[truthanb]

On my windows pc this all worked, as it did for @pavelfeldman . On macos and in the docker container I was able to replicate @unickq 's issue.

[pavelfeldman]

I'm on macOS 14.5 for reference.

[superhit0]

I am facing a similar problem where in case of popups I am not getting title of the popup

const popupPromise = page.waitForEvent('popup');
  await page.setContent(`<a href="https://www.google.com" target="_blank">Go to Google</a>`);
  const locator = await page.locator('a');
  await locator.click();
  const popup = await popupPromise;
  await popup.waitForLoadState();

  // Works Fine
  expect(await popup.evaluate(() => document.title)).toMatch('Google');
  // Indefinitely Stuck
  expect(await popup.title()).toMatch('Google');

The problem is that I am not able to reproduce it in a standalone project but I am able to consistently face this problem in my company repo where we extend the test. I will comment again if I am able to reproduce it in a standalone project.

For now I am sending it here to see if we can get any inputs.

Edit1:
Removing --disable-web-security from launch args seem to solve the problem but trying to figure out why

Edit2:
I do not know why removing --disable-web-security fixes my problem but I am going ahead with that as we were not passing --disable-site-isolation-trials or --user-data-dir so that flag was a no-op for chromium anyways

[unickq]

That's interesting; I can't reproduce it anymore. Because of 127.0.6533.5 -> 127.0.6533.17?

But it's there with --disable-web-security, added to the first comment

[pavelfeldman]

I can repro, disabling web security skips some of the JS context-related signals so Playwright misbehaves. Why are you disabling the web security?

[superhit0]

For me, it came when we migrated from puppeteer to playwright and we did disable web security in chromium to disable csp and cors.

[pavelfeldman]

For me, it came when we migrated from puppeteer to playwright and we did disable web security in chromium to disable csp and cors.

Are you a testing solution or a scraping solution? If you are a testing solution, you are not really testing what your users will get.

[superhit0]

For me, it came when we migrated from puppeteer to playwright and we did disable web security in chromium to disable csp and cors.

Are you a testing solution or a scraping solution? If you are a testing solution, you are not really testing what your users will get.

Testing solution. Yeah --disable-web-security there would be security gaps that would be missed but then having something rather than nothing was preferred.

Now since the situation is better now. Thanks to playwright 🙌 , we have removed --disable-web-security so it should be better