Update Content Security Policy when injecting deterministic js in raptor tp6 recordings
Categories
(Testing :: Raptor, enhancement, P3)
Tracking
(Not tracked)
People
(Reporter: Bebe, Unassigned)
References
Details
When injecting js code in raptor mitmproxy recordings we might trigger Content Security Policy
We need to update this policy when injecting code to make sure the js code gets executed properly
WPR is doing this when they are injecting js code:
https://github.com/catapult-project/catapult/blob/master/web_page_replay_go/src/webpagereplay/transformers.go#L336
The code that injects js in our recordings:
https://github.com/davehunt/raptor-studio/blob/master/scripts/inject-deterministic.py
Reporter | ||
Updated•5 years ago
|
Reporter | ||
Comment 1•5 years ago
|
||
One way to fix this is to disable CSP when running raptor tests
We can set "security.csp.enable": false in Firefox for example
for chrome: https://peter.sh/experiments/chromium-command-line-switches/#allow-running-insecure-content
Comment 2•5 years ago
|
||
:vchin we are injecting the deterministic JavaScript into our page load recordings now, and have seen an issue with sites use CSP (Content Security Policy). The webpagereplay tool replaces any CSP headers to allow the injected script. We can either implement a similar solution into our mitmproxy script, or as :bebe suggests we can disable CSP in Firefox/Chromium.
Could your team help to determine which of these is preferable? Disabling CSP is much easier, but is there an expected impact on performance, rendering our page load tests less useful? Note that fixing this via a mitmproxy script will necessitate recording page loads again with the new script injected.
Reporter | ||
Comment 3•5 years ago
|
||
I fallowed the wpr work and migrated it to mitmproxy.
Implemented here: https://github.com/davehunt/raptor-studio/pull/9
If you know any CSP websites or tests please let me know I want to test the implementation
Reporter | ||
Comment 4•5 years ago
|
||
Implemented in
https://github.com/davehunt/raptor-studio/pull/9
Reporter | ||
Updated•5 years ago
|
Comment 5•5 years ago
|
||
Sorry for being late getting to this but it seems like we've resolved the issue in question. Please let me know if there is anything else you need from me!
Description
•