segment-boneyard / nightmare

A high-level browser automation library.
https://open.segment.com

Bypass CSP (Content Security Policy) #889

Open zisismaras opened 7 years ago

zisismaras commented 7 years ago

I am trying to bypass CSP in order to run some eval() code or spawn web workers.

I found this issue on electron: https://github.com/electron/electron/issues/3430 which suggests using webFrame.registerURLSchemeAsBypassingCSP(scheme) (http://electron.atom.io/docs/api/web-frame/#webframeregisterurlschemeasbypassingcspscheme).

I have tried to do that in a preloader script but it doesn't seem to affect the page's policy.

Have you ever faced this or have any clue what might be wrong or a possible solution?

Thanks!

rosshinkley commented 7 years ago

I'd be curious to see how you were trying to accomplish this with a preload. Also, silly question - did you try setting webSecurity to false?

zisismaras commented 7 years ago

Yes, I have webSecurity set to false. About the preloader, I followed the default preloader in the repo and I have this:

```js
__nightmare.electron = require("electron");
__nightmare.ipc = __nightmare.electron.ipcRenderer;
__nightmare.webFrame = __nightmare.electron.webFrame;
__nightmare.webFrame.registerUrlSchemeAsBypassingCsp("http");
...
```

Not sure if what I am doing makes any sense, still pretty new to electron. I also tried to do the same on the server side (main process?) but couldn't find a reference to the underlying electron instance in the nightmare object.

anaulin commented 5 years ago

I'm running into this same issue -- trying to bypass CSP. @zisismaras did you ever find a solution?

I was trying to go down the preload script route, but it seems like the preload script causes my tests to just hang and time out. This happens even with just the two required lines stated in the documentation in https://github.com/segmentio/nightmare#custom-preload-script, and also if I use a custom preload script that just contains require('nightmare/lib/preload'). It's unclear to me if the preload script functionality works.

zisismaras commented 5 years ago

@anaulin Didn't find a proper way to solve this and I ended up with a really hacky workaround.

FYI:

I set up an internal proxy using https://github.com/greim/hoxy and had nightmare use it. On hoxy's intercept method I did something like this:

```js
proxy.intercept("response", (req, resp, cycle) => {
    delete resp.headers["content-security-policy"];
    // if not using csp headers but html meta tags
    // parse the html and delete the csp html meta tags
});
```

I remember it was quite slow but it actually worked!
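The header and meta-tag handling described in the workaround above, written out as an added example that is not part of the original thread or of Nightmare, Electron or hoxy. `stripCsp` and its return shape are hypothetical, it is meant for a local test proxy in front of an application you are testing, and the regex-based meta-tag matching is an assumption that fits typical markup.

```javascript
// Added example: stripCsp and its return shape are hypothetical names, not
// part of Nightmare, Electron or hoxy.
const CSP = "content-security-policy";

// <meta http-equiv="Content-Security-Policy" ...>. Regex matching is an
// assumption that fits typical markup; a policy containing ">" needs a real
// HTML parser. The Report-Only variant blocks nothing and is left in place.
const CSP_META =
  /<meta\b[^>]*\bhttp-equiv\s*=\s*(["']?)content-security-policy\1(?=[\s\/>])[^>]*>/gi;

function stripCsp(headers, body) {
  const removed = []; // every policy that was relaxed, for the test log
  const out = {};
  let contentType = "";
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase(); // header names are case-insensitive
    if (key === CSP) {
      removed.push({ source: "header", value: String(value) });
      continue;
    }
    if (key === "content-type") contentType = String(value);
    out[name] = value;
  }

  let newBody = body;
  // Rewrite HTML documents only; scripts, JSON and binaries pass through.
  if (typeof body === "string" && /^\s*text\/html\b/i.test(contentType)) {
    newBody = body.replace(CSP_META, (tag) => {
      removed.push({ source: "meta", value: tag });
      return "";
    });
  }
  if (newBody !== body) {
    // A stale Content-Length would truncate or stall the shortened response.
    for (const name of Object.keys(out)) {
      if (name.toLowerCase() === "content-length") {
        out[name] = String(Buffer.byteLength(newBody, "utf8"));
      }
    }
  }
  return { headers: out, body: newBody, removed };
}

// Constructed sample response (not captured traffic).
const sampleHtml =
  '<head><meta http-equiv="Content-Security-Policy" content="script-src \'self\'">' +
  '<meta charset="utf-8"></head>';
const demo = stripCsp({ "Content-Type": "text/html", [CSP]: "default-src 'self'" }, sampleHtml);
console.log(demo.removed.map((r) => r.source), demo.body);
```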

anaulin commented 5 years ago

Ah, thanks for the quick response, @zisismaras! 🙌