Closed sesh closed 11 months ago
Thanks for this - I'm going to land it as-is and then update the documentation. It's a really good implementation.
Manually tested this like so. First, without the flag:
shot-scraper javascript github.com "
async () => {
await import('https://cdn.jsdelivr.net/npm/left-pad/+esm');
return 'content-security-policy ignored' }
"
Error: TypeError: Failed to fetch dynamically imported module: https://cdn.jsdelivr.net/npm/left-pad/+esm
Then with the flag:
shot-scraper javascript github.com "
async () => {
await import('https://cdn.jsdelivr.net/npm/left-pad/+esm');
return 'content-security-policy ignored' }
" --bypass-csp
"content-security-policy ignored"
@sesh @simonw thank you for this!
Refs: #114
Adds a
--bypass-csp
option to the commands that allow Javascript to be executed.The additional test case that has been added loads Github and attempts to load an external module. With the
--bypass-csp
flag this will work. You can execute the following on the current version ofshot-scraper
to see it failing:The above will continue to fail with this change until
--bypass-csp
is added.I have added the flag to the documentation by have not added a new documentation block to the Javascript page for this yet. I'm happy to write up an example if you're keen to accept this PR.
I'm also interested in feedback in how the help text should be phrased. I went with the simplest possible phrasing but it does assume that the user knows what a CSP is.
:books: Documentation preview :books:: https://shot-scraper--116.org.readthedocs.build/en/116/