PhantomJS, Capybaras, and Poodles
The client that I am working with runs a web store and needed some changes made to the Spree/Paypal Express Checkout gateway to support receiving addresses from Paypal. This involves a fair amount of coordination between Paypal and Spree. It’s also fairly mission critical. This is the kind of code that requires a fair amount of testing. It is also the kind of code that is best tested via integration/acceptance level of testing.
We use Capybara and PhantomJS to drive the acceptance level tests. PhantomJS is a great little headless browser that makes it very easy to run acceptance tests on a CI server (or on a developer system).
The tests that interracted with Paypal’s sandbox started to fail on Friday. It turns out that PhantomJS defaults to SSLv3 when connecting to a SSL enabled site. Paypal had started to disable SSLv3 across their site.
The good news is that there is an easy workaround to convince PhantomJS to use TLSv1 when connecting to an SSL web site. All you need to do is to add the following snippet to your spec/spec_helper.rb
file:
1 2 3 4 5 | Capybara.register_driver :poltergeist do |app| Capybara::Poltergeist::Driver.new(app, :phantomjs_options => ['--ssl-protocol=TLSv1'], :debug => false) end end |
At this point, the tests started to pass again.
Update:
You can also tell PhantomJS to use any SSL/TlS protocol with the following syntax:
1 2 3 4 5 | Capybara.register_driver :poltergeist do |app| Capybara::Poltergeist::Driver.new(app, :phantomjs_options => ['--ssl-protocol=ANY'], :debug => false) end end |
This will trigger the usual SSL/TlS negotiation and allow the connection to proceed with any supported protocol version.