Opened 28 minutes ago
#37149 new Cleanup/optimization
Use securitypolicyviolation event listener in tearDown() to check CSP violations for integration tests
| Reported by: | Varun Kasyap Pentamaraju | Owned by: | |
|---|---|---|---|
| Component: | Testing framework | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Several integration tests currently verify that no Content Security Policy (CSP) violations occurred by inspecting browser logs in tearDown():
In django\contrib\admin\tests.py:

```python
def tearDown(self):
    # Ensure that no CSP violations were logged in the browser.
    self.assertEqual(self.get_browser_logs(source="security"), [])
```

The current logic relies on get_browser_logs() to check that there are no CSP violations:

```python
def get_browser_logs(self, source=None, level="ALL"):
    """
    Return Chrome console logs filtered by level and optionally source.
    """
    try:
        logs = self.selenium.get_log("browser")
    except AttributeError:
        logs = []
    return [
        log
        for log in logs
        if (level == "ALL" or log["level"] == level)
        and (source is None or log["source"] == source)
    ]
```

However, get_browser_logs() is only supported for Chrome and is skipped for non-Chrome browsers.
A browser-independent alternative would be to register a securitypolicyviolation event listener in the test page and collect violations in tearDown().
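
The page-side half of this proposal, as an added example (not Django's code and not part of the ticket): a listener that records each securitypolicyviolation event into storage so that a test's tearDown() can read the list back. The names installCspCollector, readCspViolations, memoryStorage and the storage key are assumptions; in a browser the arguments would be document and sessionStorage, and the events dispatched in demo() are constructed.

```javascript
// Added example; all function names and the storage key are hypothetical.
const CSP_KEY = "__csp_violations__";
// SecurityPolicyViolationEvent properties kept for the test failure message.
const FIELDS = ["effectiveDirective", "blockedURI", "sourceFile", "lineNumber", "disposition"];
const installed = new WeakSet();

// Register the listener once per target. In a browser: (document, sessionStorage),
// so records survive same-origin page loads in the same tab during one test.
function installCspCollector(target, storage) {
  if (installed.has(target)) return false;
  installed.add(target);
  target.addEventListener("securitypolicyviolation", (event) => {
    const record = {};
    for (const field of FIELDS) record[field] = event[field];
    const seen = JSON.parse(storage.getItem(CSP_KEY) || "[]");
    seen.push(record);
    storage.setItem(CSP_KEY, JSON.stringify(seen));
  });
  return true;
}

// Return recorded violations; report-only ones can be excluded.
function readCspViolations(storage, { enforcedOnly = false } = {}) {
  const seen = JSON.parse(storage.getItem(CSP_KEY) || "[]");
  return enforcedOnly ? seen.filter((v) => v.disposition === "enforce") : seen;
}

// Constructed stand-in for sessionStorage so the example runs outside a browser.
function memoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => void data.set(k, String(v)),
  };
}

// Constructed events: one enforced violation and one report-only violation.
function demo() {
  const page = new EventTarget();
  const storage = memoryStorage();
  installCspCollector(page, storage);
  installCspCollector(page, storage); // second call must not double-register
  const samples = [
    { effectiveDirective: "script-src-elem", blockedURI: "inline", sourceFile: "https://example.test/admin/", lineNumber: 12, disposition: "enforce" },
    { effectiveDirective: "img-src", blockedURI: "https://cdn.example.test/x.png", sourceFile: "", lineNumber: 0, disposition: "report" },
  ];
  for (const s of samples) page.dispatchEvent(Object.assign(new Event("securitypolicyviolation"), s));
  return { all: readCspViolations(storage), enforced: readCspViolations(storage, { enforcedOnly: true }) };
}
```

A listener only receives violations raised after it is attached, so it has to be installed on every page load before the content under test runs. tearDown() would then assert that the list read back from the page is empty.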