From 6361e07ae471c8de4299dfc201dab3625b48339d Mon Sep 17 00:00:00 2001
From: Dmitry Gozman <dgozman@gmail.com>
Date: Tue, 12 May 2020 18:29:55 -0700
Subject: [PATCH] fix(docs): clarify repeating calls to setHTTPCredentials
 (#2212)

---
 docs/api.md                 |  2 +-
 test/browsercontext.spec.js | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/docs/api.md b/docs/api.md
index 305242e268173..7b83ebfe3fd6d 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -574,7 +574,7 @@ await browserContext.setGeolocation({latitude: 59.95, longitude: 30.31667});
 
 Provide credentials for [HTTP authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication).
 
-To disable authentication, pass `null`.
+> **NOTE** Browsers may cache credentials that resulted in successfull auth. That means passing different credentials after successfull authentication or passing `null` to disable authentication is unreliable. Instead, create a separate browser context that will not have previous credentials cached.
 
 #### browserContext.setOffline(offline)
 - `offline` <[boolean]> Whether to emulate network being offline for the browser context.
diff --git a/test/browsercontext.spec.js b/test/browsercontext.spec.js
index 295da1fdaa13e..dd3e58f43c6aa 100644
--- a/test/browsercontext.spec.js
+++ b/test/browsercontext.spec.js
@@ -482,6 +482,32 @@ describe('BrowserContext.setHTTPCredentials', function() {
     expect(response.status()).toBe(401);
     await context.close();
   });
+  it.fail(true)('should update', async({browser, server}) => {
+    server.setAuth('/empty.html', 'user', 'pass');
+    const context = await browser.newContext({
+      httpCredentials: { username: 'user', password: 'pass' }
+    });
+    const page = await context.newPage();
+    let response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(200);
+    await context.setHTTPCredentials({ username: 'user', password: 'letmein' });
+    response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(401);
+    await context.close();
+  });
+  it.fail(true)('should update to null', async({browser, server}) => {
+    server.setAuth('/empty.html', 'user', 'pass');
+    const context = await browser.newContext({
+      httpCredentials: { username: 'user', password: 'pass' }
+    });
+    const page = await context.newPage();
+    let response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(200);
+    await context.setHTTPCredentials(null);
+    response = await page.goto(server.EMPTY_PAGE);
+    expect(response.status()).toBe(401);
+    await context.close();
+  });
   it('should return resource body', async({browser, server}) => {
     server.setAuth('/playground.html', 'user', 'pass');
     const context = await browser.newContext({