Add WebDriver BiDi CSP bypass checks#799
Conversation
|
At this point, I am mostly looking for feedback to know if the approach seems acceptable on your side, as it may impact the WebDriver BiDi PR I opened at w3c/webdriver-bidi#1068 There are 2 commits in this PR. The first one only integrates with the document initialization. From what I checked in the current implementation of the (similar) Page.setBypassCSP command in CDP, this is the only thing Chrome implements. However is doesn't cover cases where policies are dynamically added after the document initialization or when the document hasn't been initialized yet. So I have a second commit which covers additional integration points. Let me know if on your side you have a preference for only doing the simpler check at document initialization. I'm also checking the feasability of those additional checks on the implementation side, but for now the only prior art ios to disable CSP checks at initialization time. |
Adds an integration point for WebDriver BiDi to bypass Content Security Policy during automated testing. The bypass check is performed during CSP initialization for a Document, before any policies are processed. Matches current implementation for Chrome CDP Page.setBypassCSP
Adds BiDi bypass checks at various CSP enforcement points. Ensures CSP is bypassed even if policies are added after the initialization of the document or if the bypass was not set when the document was initialized..
23c98e3 to
74af2dd
Compare
We discussed this item in scope of the BiDi PR, w3c/webdriver-bidi#1068 (comment) and on our side we would prefer to cover as many integration points as possible. Tagging @mikewest for feedback |
Fixes #798
Updates several points (eg. document initialization as well as individual enforcement checks) to check if WebDriver BiDi CSP bypass is enabled for the relevant navigable.
If the bypass is enabled, the policy will not be added / applied.
The goal is to use this feature only in automation / remote control scenarios when the browser is controlled by a WebDriver BiDi session.
Tests will be added as wdspec tests in https://github.com/web-platform-tests/wpt/tree/master/webdriver/tests/bidi once the corresponding WebDriver BiDi PR is close to being accepted.