-
Notifications
You must be signed in to change notification settings - Fork 35
axe-cli hangs on websites with limited CSP #19
Comments
Example site https://www.dunkman.me |
I did some searching today (also because I'm working on a related problem with Attest devtools). It looks like the only way to get around this is to disable CSP in user preferences. There are no dedicated flags available in Chrome of Firefox to turn it off, nor does webdriver fix this for us. Funny enough, when I was searching for solutions, this issue right here was just about the only thing I could find of someone trying to do this. |
@WilcoFiers I think we could get around this by switching to puppeteer I asked @stephenmathieson to look into this as part of what he is going to be working on |
I thought that only worked for Chrome, no? |
Yes, Puppeteer is designed to work with Chrome. It could technically work with anything that implements the DevTools Protocol, but I don't know of a browser other than Chrome that does this. I'll be spending some time thinking about this and experimenting with potential solutions to this issue over the next few days. |
Has this been resolved? |
Related to dequelabs/axe-webdriverjs#35, axe-cli hangs on websites that have a limited Content Security Policy (CSP). Because axe-cli injects a script to make sure you're on the same page (similar to how we used to do it in axe-webdriverjs), it can suffer from the same-origin policy depending on how that site is implemented.
How to reproduce:
I commented out lines 32-43 to avoid the script tag creation and inject the script directly (that was our fix in axe-webdriverjs) but it threw this error:
I'll keep looking into it, but I wanted to document this while it was on the top of my head.
The text was updated successfully, but these errors were encountered: