On Fri, Jul 10, 2015 at 2:42 PM, Daniel Shearer wrote:
I am looking to enable the Content-Security-Policy http header for my
company's application. I see that Selenium disables the CSP feature in
firefox, and forcing it to be enabled prevents Selenium from being able to
drive the browser.
I imagine that this is a limitation in the way FirefoxDriver is implemented.

It’s written as an add-on to Firefox and has the usual security
restrictions that other add-ons typically would have. It tries to
circumvent some of these by changing the profile’s preferences before
it starts Firefox:

A comment on https://code.google.com/p/selenium/issues/detail?id=7640 also
says that it will be next to impossible to fix this on the current
FirefoxDriver implementation, but it might be possible in the future.

Does anyone know if this will actually become possible in the future?
There is ongoing work on a driver implementation that lives inside
Gecko, codenamed Marionette, which will allow using WebDriver against
Firefox with CSP enabled.

It’s currently not the default in Selenium, but David Burns wrote up
some guidelines on how to try out a pre-release:


You received this message because you are subscribed to the Google Groups "Selenium Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to selenium-developers+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/selenium-developers/CAL_dnaVM9S138EMzB3L6dqYjBTXpG21WzUG_pXPFdqbQiG14%2BA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 2 of 2 | next ›
Discussion Overview
groupselenium-developers @
postedJul 13, '15 at 6:16p
activeJul 20, '15 at 10:51a

2 users in discussion

Andreas Tolfsen: 1 post Daniel Shearer: 1 post



site design / logo © 2021 Grokbase