[py] use local webserver for BiDi network auth/header tests

The BiDi network authentication and extra-header tests navigated to
postman-echo.com, an external service that makes the tests flaky and
dependent on network access. Move them onto the existing local
SimpleWebServer so everything runs on the same machine.

Adds a /basic-auth endpoint to the test webserver (401 + Basic
challenge, 200 once the expected credentials are supplied) and reuses
the existing /echo_headers route for the extra-header tests.

Author: AutomatedTester

py/test/selenium/webdriver/common/bidi_network_tests.py

@@ -98,11 +98,11 @@ def callback(request: Request):
 # origin, suppressing authRequired challenges in later tests — restart the
 # driver afterwards so challenge-dependent tests start clean.
 @pytest.mark.needs_fresh_driver
-def test_continue_with_auth(driver):
+def test_continue_with_auth(driver, pages):
     callback_id = driver.network.add_auth_handler("postman", "password")
     assert callback_id is not None, "Request handler not added"
     driver.browsing_context.navigate(
-        context=driver.current_window_handle, url="https://postman-echo.com/basic-auth", wait=ReadinessState.COMPLETE
+        context=driver.current_window_handle, url=pages.url("basic-auth"), wait=ReadinessState.COMPLETE
     )
     assert "authenticated" in driver.page_source, "Authorization failed"
 
@@ -410,32 +410,32 @@ def test_request_and_response_handlers_compose(driver, pages):
 # needs_fresh_driver: successful authentication warms the browser's HTTP auth
 # cache for the origin, which would suppress the challenge in later tests.
 @pytest.mark.needs_fresh_driver
-def test_provide_credentials_for_matching_url(driver):
+def test_provide_credentials_for_matching_url(driver, pages):
     def handle_authentication(auth):
         auth.provide_credentials("postman", "password")
 
-    handler_id = driver.network.add_authentication_handler(["https://postman-echo.com/**"], handle_authentication)
+    handler_id = driver.network.add_authentication_handler(["**/basic-auth"], handle_authentication)
     try:
-        _navigate(driver, "https://postman-echo.com/basic-auth")
+        _navigate(driver, pages.url("basic-auth"))
         assert "authenticated" in driver.page_source, "Authorization failed"
     finally:
         driver.network.remove_authentication_handler(handler_id)
 
 
-def test_cancel_authentication_challenge(driver):
+def test_cancel_authentication_challenge(driver, pages):
     def handle_authentication(auth):
         auth.cancel()
 
     handler_id = driver.network.add_authentication_handler(handle_authentication)
     try:
-        _navigate(driver, "https://postman-echo.com/basic-auth")
+        _navigate(driver, pages.url("basic-auth"))
         assert "authenticated" not in driver.page_source, "Cancelled challenge still authenticated"
     finally:
         driver.network.remove_authentication_handler(handler_id)
 
 
 @pytest.mark.needs_fresh_driver
-def test_authentication_handler_observes_challenge_details(driver):
+def test_authentication_handler_observes_challenge_details(driver, pages):
     challenges = []
 
     def handle_authentication(auth):
@@ -444,9 +444,9 @@ def handle_authentication(auth):
 
     handler_id = driver.network.add_authentication_handler(handle_authentication)
     try:
-        _navigate(driver, "https://postman-echo.com/basic-auth")
+        _navigate(driver, pages.url("basic-auth"))
         assert challenges, "Authentication handler did not run"
-        assert challenges[0][0].startswith("https://postman-echo.com/basic-auth")
+        assert challenges[0][0].endswith("/basic-auth")
     finally:
         driver.network.remove_authentication_handler(handler_id)
 
@@ -472,21 +472,21 @@ def test_clear_authentication_handlers_removes_all_intercepts(driver):
 # ---------------------------------------------------------------------------
 
 
-def test_extra_header_is_sent_with_requests(driver):
+def test_extra_header_is_sent_with_requests(driver, pages):
     driver.network.add_extra_header("x-selenium-extra", "extra-header-value")
     try:
-        _navigate(driver, "https://postman-echo.com/headers")
+        _navigate(driver, pages.url("echo_headers"))
         assert "x-selenium-extra" in driver.page_source, "Extra header not sent"
         assert "extra-header-value" in driver.page_source, "Extra header value not sent"
     finally:
         driver.network.clear_extra_headers()
 
 
-def test_removed_extra_header_is_not_sent(driver):
+def test_removed_extra_header_is_not_sent(driver, pages):
     driver.network.add_extra_header("x-selenium-extra", "extra-header-value")
     driver.network.remove_extra_header("x-selenium-extra")
 
-    _navigate(driver, "https://postman-echo.com/headers")
+    _navigate(driver, pages.url("echo_headers"))
     assert "x-selenium-extra" not in driver.page_source, "Removed extra header still sent"
     assert driver.network.intercepts == [], "Intercept not removed"
 

py/test/selenium/webdriver/common/webserver.py

@@ -20,6 +20,7 @@
 It serves the testing html pages that are needed by the webdriver unit tests.
 """
 
+import base64
 import contextlib
 import logging
 import os
@@ -45,6 +46,11 @@ def updir():
 DEFAULT_PORT = 8000
 HTML_ROOT = os.path.join(WEBDRIVER, "../../../../common/src/web")
 
+# Credentials accepted by the /basic-auth endpoint. Tests that exercise
+# authentication handlers must provide these to be considered authenticated.
+AUTH_USERNAME = "postman"
+AUTH_PASSWORD = "password"
+
 if not os.path.isdir(HTML_ROOT):
     raise Exception(
         "Can't find 'common_web' directory, try setting WEBDRIVER environment variable.\n"
@@ -80,6 +86,18 @@ def _serve_file(self, file_path):
         else:
             return content, "text/html"
 
+    def _is_authenticated(self):
+        """Return True when the request carries the expected Basic credentials."""
+        auth_header = self.headers.get("Authorization", "")
+        if not auth_header.startswith("Basic "):
+            return False
+        try:
+            decoded = base64.b64decode(auth_header.removeprefix("Basic ")).decode("utf-8")
+        except (ValueError, UnicodeDecodeError):
+            return False
+        username, _, password = decoded.partition(":")
+        return username == AUTH_USERNAME and password == AUTH_PASSWORD
+
     def _send_response(self, content_type="text/html"):
         """Send a response."""
         self.send_response(200)
@@ -116,6 +134,20 @@ def do_GET(self):
                 self.wfile.write(b"cookie set")
                 return
 
+            if path == "basic-auth":
+                if self._is_authenticated():
+                    self._send_response("application/json")
+                    self.wfile.write(b'{"authenticated": true}')
+                else:
+                    self.send_response(401)
+                    self.send_header("WWW-Authenticate", 'Basic realm="Fake Realm"')
+                    self.send_header("Content-type", "text/plain")
+                    self.end_headers()
+                    # Body must not contain the substring "authenticated" — tests
+                    # assert its absence when an auth challenge is cancelled.
+                    self.wfile.write(b"Access denied")
+                return
+
             file_path = os.path.join(HTML_ROOT, path)
             if path.startswith("page/"):
                 html = self._serve_page(path[5:])