Summary
Add support for Playwright's native clientCertificates option to enable mutual TLS (mTLS) authentication with endpoints that require client certificates.
Use Case
Enterprise applications often require client certificate authentication for API endpoints. Native Playwright supports this via clientCertificates in browser context options, but MCP users cannot configure this.
Example - Native Playwright (works):
// playwright.config.ts
export default defineConfig({
use: {
clientCertificates: [{
origin: 'https://secure-api.example.com',
certPath: './certs/client.crt',
keyPath: './certs/client.key',
}],
ignoreHTTPSErrors: true,
},
});MCP (not possible):
The playwright_navigate tool only accepts: url, browserType, headless, width, height, timeout, waitUntil. No certificate options exist.
Proposed Solution
Add certificate configuration to the MCP server, either via:
- Tool parameter - Add
clientCertificates array to navigation/context tools
- Server configuration - Accept cert config at MCP server startup
- Environment variables - Read cert paths from env vars
Option 1: Tool Parameter
// New parameter for playwright_navigate or a new tool
{
url: "https://secure-api.example.com",
clientCertificates: [{
origin: "https://secure-api.example.com",
certPath: "/path/to/client.crt",
keyPath: "/path/to/client.key"
}]
}Option 2: Server Config (recommended)
// MCP server config
{
"command": "npx",
"args": ["-y", "@playwright/mcp"],
"env": {
"PLAYWRIGHT_CLIENT_CERT_ORIGIN": "https://secure-api.example.com",
"PLAYWRIGHT_CLIENT_CERT_PATH": "/path/to/client.crt",
"PLAYWRIGHT_CLIENT_KEY_PATH": "/path/to/client.key"
}
}Alternatives Considered
- Manual browser certificate selection: Doesn't work for automation
- Proxy with cert injection: Adds complexity and latency
- Using native Playwright tests: Works but loses MCP integration benefits
Additional Context
This would enable enterprise users to use MCP for authenticated browser automation, expanding the use cases significantly beyond public websites.
Related Playwright docs: https://playwright.dev/docs/api/class-testoptions#test-options-client-certificates
Summary
Add support for Playwright's native
clientCertificatesoption to enable mutual TLS (mTLS) authentication with endpoints that require client certificates.Use Case
Enterprise applications often require client certificate authentication for API endpoints. Native Playwright supports this via
clientCertificatesin browser context options, but MCP users cannot configure this.Example - Native Playwright (works):
MCP (not possible):
The
playwright_navigatetool only accepts:url,browserType,headless,width,height,timeout,waitUntil. No certificate options exist.Proposed Solution
Add certificate configuration to the MCP server, either via:
clientCertificatesarray to navigation/context toolsOption 1: Tool Parameter
Option 2: Server Config (recommended)
Alternatives Considered
Additional Context
This would enable enterprise users to use MCP for authenticated browser automation, expanding the use cases significantly beyond public websites.
Related Playwright docs: https://playwright.dev/docs/api/class-testoptions#test-options-client-certificates