Closed bjarketrux closed 1 year ago
Hey @bjarketrux 👋
@percy/dom package runs on the client's test browser when percySnapshot
is called, it requires the server which is serving the document to not send the CSP header for it to able to run.
you can verify it by doing the following
The support for this would need to be built on the user's end by either having a proxy that drops the CSP header or whitelisting for it to run E2E
Okay so the conclusion is wont-fix and with the following options as work around:
You mention whitelisting. Does percy has a trusted type policy name we can use?
You mention whitelisting. Does percy has a trusted type policy name we can use?
nothing that I could think of for trusted type, but say for connect-src
e.t.c we may use localhost:5338
The problem
Running percy against a site that has CSP trusted-types enabled fails.
Environment
@percy/cli
version: ^1.16.0Details
The website that the CSP header set (in this case an Angular SPA):
Workaround is to remove trusted types or use Firefox (as it does not support trusted-types yet.
Debug logs
Code to reproduce issue