feat(Page): introduce Page.setBypassCSP (#2324)

This patch introduces the `page.setBypassCSP` method, which allows clients
to ignore the Content-Security-Policy of a given page.

Fixes #1229.
Andrey Lushnikov 2018-04-06 16:35:50 -07:00 committed by GitHub
parent dfcee2e631
commit 35e34db198
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 57 additions and 0 deletions


@ -90,6 +90,7 @@
* [page.reload(options)](#pagereloadoptions)
* [page.screenshot([options])](#pagescreenshotoptions)
* [page.select(selector, ...values)](#pageselectselector-values)
* [page.setBypassCSP(enabled)](#pagesetbypasscspenabled)
* [page.setCacheEnabled(enabled)](#pagesetcacheenabledenabled)
* [page.setContent(html)](#pagesetcontenthtml)
* [page.setCookie(...cookies)](#pagesetcookiecookies)
@ -1176,6 +1177,15 @@ page.select('select#colors', 'red', 'green', 'blue'); // multiple selections
Shortcut for [page.mainFrame().select()](#frameselectselector-values)
#### page.setBypassCSP(enabled)
- `enabled` <[boolean]> sets bypassing of page's Content-Security-Policy.
- returns: <[Promise]>
Toggles bypassing page's Content-Security-Policy.
> **NOTE** CSP bypassing happens at the moment of CSP initialization rather then evaluation. Usually this means
that `page.setBypassCSP` should be called before navigating to the domain.
#### page.setCacheEnabled(enabled)
- `enabled` <[boolean]> sets the `enabled` state of the cache.
- returns: <[Promise]>


@ -610,6 +610,13 @@ class Page extends EventEmitter {
await this._client.send('Emulation.setScriptExecutionDisabled', { value: !enabled });
}
/**
* @param {boolean} enabled
*/
async setBypassCSP(enabled) {
await this._client.send('Page.setBypassCSP', { enabled });
}
/**
* @param {?string} mediaType
*/
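Review bot: The JSDoc above `setBypassCSP` carries only the `@param` tag, so a reader of the class does not learn that the call switches off the page's Content-Security-Policy enforcement, or when that takes effect. I would add a description line such as `* Toggles bypassing of the page's Content-Security-Policy; applied when CSP is initialized, so call it before navigating or reload afterwards.` and an `@return {!Promise}` tag if the file uses one elsewhere. The API doc in this commit and the cross-process test suggest the setting stays active across later navigations, which is worth stating too, since a script that later loads untrusted pages in the same `Page` would run them without CSP until `setBypassCSP(false)` is called. The `Page` class body starts and ends outside this hunk.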


@ -1267,6 +1267,46 @@ module.exports.addTests = function({testRunner, expect, defaultBrowserOptions, p
});
});
describe('Page.setBypassCSP', function() {
it('should bypass CSP meta tag', async({page, server}) => {
// Make sure CSP prohibits addScriptTag.
await page.goto(server.PREFIX + '/csp.html');
await page.addScriptTag({content: 'window.__injected = 42;'}).catch(e => void e);
expect(await page.evaluate(() => window.__injected)).toBe(undefined);
// By-pass CSP and try one more time.
await page.setBypassCSP(true);
await page.reload();
await page.addScriptTag({content: 'window.__injected = 42;'});
expect(await page.evaluate(() => window.__injected)).toBe(42);
});
it('should bypass CSP header', async({page, server}) => {
// Make sure CSP prohibits addScriptTag.
server.setCSP('/empty.html', 'default-src "self"');
await page.goto(server.EMPTY_PAGE);
await page.addScriptTag({content: 'window.__injected = 42;'}).catch(e => void e);
expect(await page.evaluate(() => window.__injected)).toBe(undefined);
// By-pass CSP and try one more time.
await page.setBypassCSP(true);
await page.reload();
await page.addScriptTag({content: 'window.__injected = 42;'});
expect(await page.evaluate(() => window.__injected)).toBe(42);
});
it('should bypass after cross-process navigation', async({page, server}) => {
await page.setBypassCSP(true);
await page.goto(server.PREFIX + '/csp.html');
await page.addScriptTag({content: 'window.__injected = 42;'});
expect(await page.evaluate(() => window.__injected)).toBe(42);
await page.goto(server.CROSS_PROCESS_PREFIX + '/csp.html');
await page.addScriptTag({content: 'window.__injected = 42;'});
expect(await page.evaluate(() => window.__injected)).toBe(42);
});
});
describe('Page.addScriptTag', function() {
it('should throw an error if no options are provided', async({page, server}) => {
let error = null;
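Review bot: In 'should bypass CSP header' the policy string `'default-src "self"'` puts double quotes around the keyword, but CSP keywords are written with single quotes, so a browser will not read this as `'self'`; the inline script is still blocked, presumably only because no valid source is left in the list. Writing the line as `server.setCSP('/empty.html', "default-src 'self'");` makes the header state the policy the test means to exercise. The suite also only ever calls `setBypassCSP(true)`; a case that calls `setBypassCSP(false)`, reloads, and expects `window.__injected` to be `undefined` again would show that enforcement is restored once the bypass is turned off.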