id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
37149	Use securitypolicyviolation event listener in tearDown() to check CSP violations for integration tests	Varun Kasyap Pentamaraju		"Several integration tests currently verify that no Content Security Policy (CSP) violations occurred by inspecting browser logs in `tearDown()`:

in `django\contrib\admin\tests.py`:

{{{
#!python
    def tearDown(self):
        # Ensure that no CSP violations were logged in the browser.
        self.assertEqual(self.get_browser_logs(source=""security""), [])
}}}

the current logic relying on `get_browser_logs()` to check no CSP violations:

{{{
#!python
    def get_browser_logs(self, source=None, level=""ALL""):
        """"""
        Return Chrome console logs filtered by level and optionally source.
        """"""
        try:
            logs = self.selenium.get_log(""browser"")
        except AttributeError:
            logs = []
        return [
            log
            for log in logs
            if (level == ""ALL"" or log[""level""] == level)
            and (source is None or log[""source""] == source)
        ]
}}}

however, `get_browser_logs()` is only supported for chrome and being skipped for non-chrome browsers.

A browser-independent alternative would be to register a `securitypolicyviolation` event listener in the test page and collect violations in `tearDown()`."	Cleanup/optimization	new	Testing framework	dev	Normal				Unreviewed	0	0	0	0	0	0