Upgrade Playwright to 1.58.2

[nezlobnaya]

After upgrading from Playwright 1.45.3 to 1.58.2, the old E2E setup based on http://primo-explore-devenv:8003 became unstable. Chromium/Chrome started surfacing secure-context / private-network errors like request client is not a secure context and resource is in more-private address space 'local', see here, so the direct HTTP entrypoint was no longer reliable. To fix that, a dedicated HTTPS proxy (e2e-tls) was introduced and Playwright was moved to a single browser-facing origin: https://e2e.nyu.primo.exlibrisgroup.com, with ignoreHTTPSErrors: true for the self-signed certs.

That solved the main local blocker, but CircleCI still failed because e2e-tls depended on a bind-mounted nginx config. In remote Docker, nginx came up without the expected config, healthchecks failed, and the container never became healthy.

The final fix was to bake nginx/conf.d-e2e into Dockerfile.nginx-e2e, keep a simple local /healthz endpoint for proxy health, and keep a separate readiness wait in the e2e entrypoint for the real app route. That split made the E2E stack stable again locally and in CircleCI remote Docker: Docker checks ‘nginx is up’ the entrypoint checks ‘the app is ready’ and Playwright runs against one secure origin with ignoreHTTPSErrors: true.

About the new nginx proxy setup: nginx now sits in front of the whole E2E flow and gives the browser a single secure origin, https://e2e.nyu.primo.exlibrisgroup.com. From there it routes requests internally to the right backend: Primo app traffic goes to primo-explore-devenv, customization assets go to cdn-server, and selected upstream paths can still fall through to Ex Libris. It also rewrites JS responses that still contain baked CDN URLs so those assets are pulled back through the same E2E origin instead of crossing origins in the browser. That is why the nginx config is larger than a normal reverse proxy: it is not just terminating TLS, it is also enforcing the same-origin model that made the Playwright runs reliable again.

modifyCSPHeader was deprecated and removed because it was only a workaround for the old E2E setup. It stripped upgrade-insecure-requests from Primo’s CSP in Playwright so the browser would not interfere with insecure or cross-origin startup requests. After moving the suite behind the HTTPS e2e-tls proxy and a single browser-facing origin, that browser-side CSP patch was no longer needed. Nginx was solving the problem structurally, so the helper and its unit tests were removed.

An obsolete E2E spec, matching-url-pattern.spec.js, was also removed. That test only exercised a Playwright-side response interception pattern that stripped upgrade-insecure-requests from the CSP header for /discovery/search. After the move to the HTTPS e2e-tls proxy and single browser-facing origin, that approach was no longer part of the active E2E design. The test was therefore validating a deprecated workaround rather than current system behavior, so it was deleted.

CONTAINER_MODE was removed for the same reason. Once the Docker-based HTTPS proxy setup became the only supported E2E path, there was no longer a need for the codebase to branch between container and non-container behavior. Keeping CONTAINER_MODE would have preserved an obsolete execution mode that no longer matched the actual test environment, so it was removed along with the non-container path.

A small CircleCI diagnostics step was also added for failures. When the E2E job fails, Circle now captures Docker state such as container status, app-e2e-tls-1 logs, and container inspect output. That made it possible to see that the CI problem was not the upstream app, but that e2e-tls was starting without the expected nginx config and never becoming healthy.