Opened 12 days ago
Last modified 7 days ago
#37149 assigned Cleanup/optimization
Make CSP violation checks in selenium tests work for multiple browsers
| Reported by: | Varun Kasyap Pentamaraju | Owned by: | VIZZARD-X |
|---|---|---|---|
| Component: | Testing framework | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Varun Kasyap Pentamaraju | Triage Stage: | Accepted |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Several integration tests currently verify that no Content Security Policy (CSP) violations occurred by inspecting browser logs in tearDown():
in django\contrib\admin\tests.py:
def tearDown(self): # Ensure that no CSP violations were logged in the browser. self.assertEqual(self.get_browser_logs(source="security"), [])
the current logic relying on get_browser_logs() to check no CSP violations:
def get_browser_logs(self, source=None, level="ALL"): """ Return Chrome console logs filtered by level and optionally source. """ try: logs = self.selenium.get_log("browser") except AttributeError: logs = [] return [ log for log in logs if (level == "ALL" or log["level"] == level) and (source is None or log["source"] == source) ]
however, get_browser_logs() is only supported for chrome and being skipped for non-chrome browsers.
A browser-independent alternative would be to register a securitypolicyviolation event listener in the test page and collect violations in tearDown().
Change History (3)
comment:1 by , 11 days ago
| Summary: | Use securitypolicyviolation event listener in tearDown() to check CSP violations for integration tests → Make CSP violation checks in selenium tests work for multiple browsers |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
comment:2 by , 9 days ago
| Cc: | added |
|---|
comment:3 by , 7 days ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
Note:
See TracTickets
for help on using tickets.
Thank you