Closed VivaGrendel closed 7 years ago
I've just read issue #33. So the CSP issue is a known one. Does it mean axe-webdriverjs does not work (yet?) on CSP enabled web sites?
Reading Chrome documentation it seems the browser is now blocking inline scripts and the only way to "relax" this is to whitelist the script in the CSP header
See https://developer.chrome.com/extensions/contentSecurityPolicy#relaxing-inline-script
We are working on a fix for this. Closing due to duplicate.
Hello I'm trying to make example below (taken from the project's README) work on my local machine but it does not produce any result:
The browser is started and it navigates to the page but then, nothing. Investigation in the web console of the started browser (Chrome) shows:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src assets-cdn.github.com". Either the 'unsafe-inline' keyword, a hash ('sha256-XLagEkykG1v43U0BgF8iu7TAQJNjcpwT1QLNqImVlPk='), or a nonce ('nonce-...') is required to enable inline execution.
From what I understand, you try to inject the axe js code directly inside a script tag. This does not comply with default security policies of modern browsers.
I could not find proper or clean ways to disable CSP in the browsers I need to test.
Am I missing something or is there any workaround?