Relaxing Chrome's CSP while running tests (webdriver) (Content-Security-policy)

Question

I'm trying to relax Chrome's CSP while running a test using proctractor (webdriver, chromedriver).

So the solution can be either

1. a flag like "--disable-csp" which dose not exist according to my search results.
2. a setting for webdriver/protractor to do so.

I could not find any solution but to setup a proxy that filters the header.

any ideas?

Answer 1

currently there are no native option but you can disable CSP using extension.

Step:

1. Download extension Disable Content-Security-Policy
2. Save it as .zip, because it need modification to enable "disable CSP" at start
3. extract the file or if using Winrar double click file background.js to edit
4. change var isCSPDisabled = false; to true
5. save change.

code

chrome_options = Options()
chrome_options.add_extension('path/to/disableCSP.zip') # or disableCSP.xpi
driver = webdriver.Chrome(chrome_options=chrome_options)

Answer 2

I update @ewwink's answer

1. Go to the website of the extension developer Disable CSP github
2. Download the extension code in zip format
3. Unzip and modify the background.js file with:

    var isCSPDisabled = function (tabId) {
        return true; // disabledTabIds.includes(tabId);
    };

4. In Chrome go to: ... -> Tools -> Extensions -> Active the Developer mode -> Pack extension ... Choose the modified folder as the root directory -> Leave the field: private key file blank -> This will create a .crx file next to the extension folder, and a private key as if it were the developer
5. Use the generated crx file like this:

    from selenium import webdriver
    from selenium.webdriver.chrome.options import Options

    chrome_options = Options()
    chrome_options.add_extension("/path/to/chrome-csp-disable-master.crx")
    driver = webdriver.Chrome(executable_path="/path/to/chromedriver", options=chrome_options)
    driver.get("https://www.google.com/")

source: Load chrome extension using selenium