Can Selenium support the Content-Security-Policy header?


Daniel Shearer

Jul 13, 2015, 2:16:04 PM
to selenium-...@googlegroups.com
I am looking to enable the Content-Security-Policy HTTP header for my company's application. I see that Selenium disables the CSP feature in Firefox, and forcing it to be enabled prevents Selenium from being able to drive the browser.

A comment on https://code.google.com/p/selenium/issues/detail?id=7640 also says that it will be next to impossible to fix this on the current FirefoxDriver implementation, but it might be possible in the future. 

Does anyone know if this will actually become possible in the future? Or is there some workaround that allows CSP to be enabled without breaking Selenium? What would be required to get CSP working in a Selenium-controlled browser? Is any work being done on this? Would it be worth my time to learn about Selenium development so I can contribute to this issue, or is it not feasible that Selenium will ever allow this?

Thanks.
Daniel

Andreas Tolfsen

Jul 20, 2015, 6:51:14 AM
to selenium-...@googlegroups.com
On Fri, Jul 10, 2015 at 2:42 PM, Daniel Shearer <nicke...@gmail.com> wrote:
> I am looking to enable the Content-Security-Policy HTTP header for my
> company's application. I see that Selenium disables the CSP feature in
> Firefox, and forcing it to be enabled prevents Selenium from being able to
> drive the browser.

I imagine that this is a limitation in the way FirefoxDriver is implemented.

It’s written as an add-on to Firefox and has the usual security
restrictions that other add-ons typically would have. It tries to
circumvent some of these by changing the profile’s preferences before
it starts Firefox:

https://github.com/SeleniumHQ/selenium/blob/master/javascript/firefox-driver/webdriver.json

> A comment on https://code.google.com/p/selenium/issues/detail?id=7640 also
> says that it will be next to impossible to fix this on the current
> FirefoxDriver implementation, but it might be possible in the future.
>
> Does anyone know if this will actually become possible in the future?

There is ongoing work on a driver implementation that lives inside
Gecko, codenamed Marionette, which will allow using WebDriver against
Firefox with CSP enabled.

It’s currently not the default in Selenium, but David Burns wrote up
some guidelines on how to try out a pre-release:

http://www.theautomatedtester.co.uk/blog/2015/who-wants-to-be-an-alpha-tester-for-marionette.html
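The thread notes that the driver changes the profile's preferences before it starts Firefox, which means a test run can pass without CSP ever being enforced. The following Python check is an added example, not part of the thread or of Selenium's code: it reads the text of a Firefox profile's `prefs.js` or `user.js` and reports whether CSP enforcement is left on. The preference name `security.csp.enable`, the function names and the sample profile are assumptions made for illustration; the thread does not name the preference.

```python
import json
import re

# Assumption: "security.csp.enable" is the Firefox preference of that era that
# switches CSP enforcement; the thread itself does not name the preference.
CSP_PREF = "security.csp.enable"

# One line of a profile's prefs.js / user.js: user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)

# Constructed sample: the kind of profile a test harness might write before launch.
SAMPLE_PROFILE = '''\
// Mozilla User Preferences
user_pref("browser.startup.page", 0);
user_pref("security.csp.enable", false);
user_pref("browser.startup.homepage", "about:blank");
'''


def parse_prefs(text):
    """Return {name: value} from prefs text; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref call
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # true/false, integers and "strings"
        except ValueError:
            prefs[name] = raw  # keep values that are not JSON literals verbatim
    return prefs


def csp_enforced(profile_text, default=True):
    """True only if the profile leaves CSP on (browser default assumed to be on)."""
    return parse_prefs(profile_text).get(CSP_PREF, default) is True


if __name__ == "__main__":
    state = "enforced" if csp_enforced(SAMPLE_PROFILE) else "DISABLED by profile"
    print(f"CSP in this test profile: {state}")
```

Running this against the profile a test harness actually launches shows whether a green test run says anything about the application's behaviour under its Content-Security-Policy header.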