Can Selenium support the Content-Security-Policy header?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Can Selenium support the Content-Security-Policy header?

Daniel Shearer
I am looking to enable the Content-Security-Policy http header for my company's application. I see that Selenium disables the CSP feature in firefox, and forcing it to be enabled prevents Selenium from being able to drive the browser.

A comment on https://code.google.com/p/selenium/issues/detail?id=7640 also says that it will be next to impossible to fix this on the current FirefoxDriver implementation, but it might be possible in the future. 

Does anyone know if this will actually become possible in the future? Or is there some work around that allows CSP to be enabled without breaking Selenium? What would be required to get CSP working in a Selenium controlled browser? Is any work being done on this? Would it be worth my time to learn about Selenium development so I can contribute to this issue, or is it not feasible that Selenium will ever allow this?

Thanks.
Daniel

--
You received this message because you are subscribed to the Google Groups "Selenium Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/selenium-users/e81266f7-3ce9-4620-9f47-0c01c1d2336b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Can Selenium support the Content-Security-Policy header?

advanceautomation28
Hi..Did you find a solution for this?



On Friday, July 3, 2015 at 11:14:31 PM UTC-5, Daniel Shearer wrote:
I am looking to enable the Content-Security-Policy http header for my company's application. I see that Selenium disables the CSP feature in firefox, and forcing it to be enabled prevents Selenium from being able to drive the browser.

A comment on <a href="https://code.google.com/p/selenium/issues/detail?id=7640" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://code.google.com/p/selenium/issues/detail?id\x3d7640&#39;;return true;" onclick="this.href=&#39;https://code.google.com/p/selenium/issues/detail?id\x3d7640&#39;;return true;">https://code.google.com/p/selenium/issues/detail?id=7640 also says that it will be next to impossible to fix this on the current FirefoxDriver implementation, but it might be possible in the future. 

Does anyone know if this will actually become possible in the future? Or is there some work around that allows CSP to be enabled without breaking Selenium? What would be required to get CSP working in a Selenium controlled browser? Is any work being done on this? Would it be worth my time to learn about Selenium development so I can contribute to this issue, or is it not feasible that Selenium will ever allow this?

Thanks.
Daniel

--
You received this message because you are subscribed to the Google Groups "Selenium Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/selenium-users/0f34c461-2dd9-43c4-b708-625c40df97f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.