search

cypress-io / cypress

Fast, easy and reliable testing for anything that runs in a browser.
https://cypress.io
MIT License
47.01k stars 3.18k forks source link

Add configuration to customize or disable Content Security Policy #29596

Open bukharov opened 5 months ago

bukharov commented 5 months ago

What would you like?

In this file you have a Content Security Policy that governs the test runner (line 12):

https://github.com/cypress-io/cypress/blob/develop/packages/driver/src/util/privileged_channel.ts

We'd like to be able to disable that or add directives to the policy.

Why is this needed?

When running using ESBuilld it prevents dynamic imports from working. Some of our tests have dynamic imports. Currently everything works fine with Webpack because it bundles everything together. ESBuild does not do that, so those imports stop working. We'd like to use ESBuild instead as the rest of the repository has been migrated to Vite.

Other

No response

jennifer-shehane commented 5 months ago

Does the experimentalCspAllowList help with your needs? https://docs.cypress.io/guides/references/experiments

bukharov commented 5 months ago

@jennifer-shehane no, as far as i understand that is for the application under test, while the one i referenced is for the tests themselves

bukharov commented 5 months ago

Basically we get a bunch of these 👇 for each dynamic import in the tests.

Screenshot 2024-06-03 at 5 17 11 PM
tomatkapitalise commented 3 months ago

Got the same issue as well, my scenario is when trying to use pdfjs-dist which requires you set workerSrc which loads a Worker script in the browser context. I'd like to use PDF.js to process a PDF.