#37149: Use securitypolicyviolation event listener in tearDown() to check CSP
violations for integration tests
-------------------------------------+-------------------------------------
Reporter: Varun Kasyap Pentamaraju   | Type: Cleanup/optimization
Status: new                          | Component: Testing framework
Version: dev                         | Severity: Normal
Keywords:                            | Triage Stage: Unreviewed
Has patch: 0                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Several integration tests currently verify that no Content Security Policy
(CSP) violations occurred by inspecting browser logs in `tearDown()`:
in `django\contrib\admin\tests.py`:
{{{
#!python
def tearDown(self):
    # Ensure that no CSP violations were logged in the browser.
    self.assertEqual(self.get_browser_logs(source="security"), [])
}}}
The current logic relies on `get_browser_logs()` to check that there are
no CSP violations:
{{{
#!python
def get_browser_logs(self, source=None, level="ALL"):
    """
    Return Chrome console logs filtered by level and optionally
    source.
    """
    try:
        logs = self.selenium.get_log("browser")
    except AttributeError:
        logs = []
    return [
        log
        for log in logs
        if (level == "ALL" or log["level"] == level)
        and (source is None or log["source"] == source)
    ]
}}}
However, `get_browser_logs()` is only supported for Chrome and is
skipped for non-Chrome browsers.
A browser-independent alternative would be to register a
`securitypolicyviolation` event listener in the test page and collect
violations in `tearDown()`.
--
Ticket URL: <https://code.djangoproject.com/ticket/37149>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
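
One way the browser-independent check proposed in the ticket could look, as an added example that is not code from the ticket or from Django. The names `CSPViolationMixin`, `window.__cspViolations` and `FakeDriver` are hypothetical; the check fails closed when the listener is missing instead of returning an empty list the way the `AttributeError` branch of `get_browser_logs()` does.

```python
# Added example, not Django's code; CSPViolationMixin, __cspViolations and FakeDriver are hypothetical.

# Serve this as an external script that the page's policy allows, loaded first in
# <head>: an inline copy would be blocked by a strict CSP, and late loading misses events.
CSP_LISTENER_JS = """
window.__cspViolations = [];
document.addEventListener("securitypolicyviolation", function (e) {
  window.__cspViolations.push({
    blockedURI: e.blockedURI,
    effectiveDirective: e.effectiveDirective,
    sourceFile: e.sourceFile,
    lineNumber: e.lineNumber,
    disposition: e.disposition
  });
});
"""

# Yields null (None in Python) when the listener never ran on the current document.
CSP_READ_JS = "return window.__cspViolations === undefined ? null : window.__cspViolations;"


class CSPViolationMixin:
    """For a test case that exposes a Selenium WebDriver as self.selenium."""

    def get_csp_violations(self):
        violations = self.selenium.execute_script(CSP_READ_JS)
        if violations is None:
            # Fail closed: a missing listener must not read as "no violations".
            raise AssertionError("CSP violation listener is not installed")
        return violations

    def assert_no_csp_violations(self):
        violations = self.get_csp_violations()
        if violations:
            summary = "; ".join(
                "{effectiveDirective} blocked {blockedURI} ({sourceFile}:{lineNumber})".format(**v)
                for v in violations
            )
            raise AssertionError(f"CSP violations recorded: {summary}")


class FakeDriver:
    """Constructed stand-in for a WebDriver so the example runs offline."""
    def __init__(self, page_state):
        self.page_state = page_state

    def execute_script(self, script, *args):
        return self.page_state
```

A test case would call `self.assert_no_csp_violations()` from `tearDown()`. The array lives on `window`, so it only covers the document that is loaded when the check runs; a navigation starts a fresh list.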