I've been using Puppeteer to automate user journeys through various web portals and one of the things I've run into is the constant popups caused by using bad credentials. In this case, the browser told me that the password I'd just logged in with had been seen in a data breach. Now, this isn't a concern because they are testing credentials. However, I can see how this can easily mess up the script for other people where they can't just change their credentials.

Here is the dialog that I've been trying to get rid of:

The main problem is that the dialog completely disrupts the Puppeteer script and causes it to fail. I don't know how to auto-dismiss these popups, but I would assume these would still mess up the script while it's trying to fill in fields and click buttons. Worse still, when running the script in headless mode, it will not be readily apparent to the user that the script failed at the login page because of their bad password.

I know you can prevent this dialog from showing by going into Chrome Settings and disabling SafeBrowsing (chrome://settings/security), however, this is not something that then works when using Puppeteer as it is configured differently. I searched through this huge list of command line arguments for Google Chrome and I couldn't find anything specific to specifically disabling password breach dialogs or disabling SafeBrowsing entirely.

I saw there was a Windows-specific trick where you could write a Group Policy to the Windows Registry, but I need the solution to be cross-platform (i.e. also work on MacOS and Linux). Also, it's important that the solution isn't reliant upon using my user data directory as I need this script to work on other computers and even remote servers when I'm running Puppeteer in headless mode.

Example code which is enough to run into the issue. Note the main problem is not the code, but the use of a common password found in a data breach.

import puppeteer from 'puppeteer';

async function launchPuppeteer() {
    const browser = await puppeteer.launch({
        defaultViewport: null,
        executablePath: '/path/to/chrome/executable',
        headless: false,
        args: [ /* Chrome command line args go here */ ]
    });
    const page = await browser.newPage();
    // use page here . . .
}

Is there any command line argument for Chrome, or functionality within Puppeteer, to disable SafeBrowsing?

Yes and no. It is not possible to disable SafeBrowsing while using Puppeteer with Chromium command-line arguments.

However, it can be disabled in your browser's preferences, and these settings can be changed programmatically when using Puppeteer (specifically with an extension of it).

Solution:

1. You will need to install the following two dependencies:

npm install puppeteer-extra puppeteer-extra-plugin-user-preferences

• Puppeteer Extra: https://www.npmjs.com/package/puppeteer-extra
• User Preferences Plugin: https://www.npmjs.com/package/puppeteer-extra-plugin-user-preferences

2. Then use puppeteer-extra instead of puppeteer and attach the preferences plugin.

const puppeteer = require('puppeteer-extra');
puppeteer.use(require('puppeteer-extra-plugin-user-preferences')({
    userPrefs: {
        safebrowsing: {
            enabled: false,
            enhanced: false
        }
    }
}));

This code will set both safebrowsing.enabled and safebrowsing.enhanced to false, thereby disabling SafeBrowsing. This allows you avoid frustrating issues such as your script getting stuck on a browser dialog because of a bad password being typed into a login form.

3. You are done. You can now continue using Puppeteer as normal.

You can find a good list of preferences here: https://source.chromium.org/chromium/chromium/src/+/main:chrome/common/pref_names.h

You can verify that SafeBrowsing has been disabled by visiting this page in your testing browser: chrome://safe-browsing

Below is a screenshot of what it will look like by default: