Merge pull request #297 from seleniumbase/csp-updates

Disable the Content Security Policy of websites by default

Author: mdmintz

examples/github_test.py

@@ -9,7 +9,7 @@ class GitHubTests(BaseCase):
     # "Please wait a few minutes before you try again."
     # To avoid this, slow down Selenium actions.
     def slow_click(self, css_selector):
-        time.sleep(1)
+        time.sleep(1.05)
         self.click(css_selector)
 
     def test_github(self):

help_docs/ReadMe.md

@@ -1,4 +1,4 @@
-### ![http://seleniumbase.com](https://cdn2.hubspot.net/hubfs/100006/images/super_logo_tiny.png "SeleniumBase") SeleniumBase Help Documents:
+### <img src="https://cdn2.hubspot.net/hubfs/100006/images/super_square_logo_3a.png" title="SeleniumBase" height="32"> SeleniumBase Help Documents
 
 > **Table of Contents / Navigation:**
 > - [**SeleniumBase Features List**](https://github.com/seleniumbase/SeleniumBase/blob/master/help_docs/features_list.md)

requirements.txt

@@ -8,7 +8,7 @@ unittest2
 selenium==3.141.0
 requests==2.21.0
 urllib3==1.24.1
-pytest>=4.3.0
+pytest>=4.3.1
 pytest-cov>=2.6.1
 pytest-html>=1.20.0
 pytest-rerunfailures>=6.0

seleniumbase/config/settings.py

@@ -19,14 +19,15 @@
 
 # If True, existing logs from past test runs will be saved and take up space.
 # If False, only the logs from the most recent test run will be saved locally.
+# You can also archive existing logs on the command line with: "--archive_logs"
 ARCHIVE_EXISTING_LOGS = False
 
 # If True, existing downloads from past runs will be saved and take up space.
 # If False, only the downloads from the most recent run will be saved locally.
 ARCHIVE_EXISTING_DOWNLOADS = False
 
 # Default names for files saved during test failures.
-# (These files will get saved to the "latest_logs/" folder)
+# (These files will get saved to the "latest_logs/" folder.)
 SCREENSHOT_NAME = "screenshot.png"
 BASIC_INFO_NAME = "basic_test_info.txt"
 PAGE_SOURCE_NAME = "page_source.html"
@@ -66,6 +67,11 @@
 # Messenger notifications appear when reaching assert statements in Demo Mode.
 DEFAULT_MESSAGE_DURATION = 2.55
 
+# If True, the Content Security Policy will be disabled on Chrome and Firefox.
+# If False, each website's default Content Security Policy will be used.
+# (A website's CSP may prevent SeleniumBase from loading custom JavaScript.)
+DISABLE_CONTENT_SECURITY_POLICY = True
+
 # If True, an Exception is raised immediately for invalid proxy string syntax.
 # If False, a Warning will appear after the test, with no proxy server used.
 # (This applies when using --proxy=[PROXY_STRING] for using a proxy server.)

seleniumbase/console_scripts/ReadMe.md

@@ -1,4 +1,4 @@
-## Console Scripts
+## <img src="https://cdn2.hubspot.net/hubfs/100006/images/super_square_logo_3a.png" title="SeleniumBase" height="32"> Console Scripts
 
 SeleniumBase console scripts help you get things done more easily, such as installing web drivers, creating a test directory with necessary configuration files, converting old Webdriver unittest scripts into SeleniumBase code, and using the Selenium Grid.
 

seleniumbase/core/browser_launcher.py

@@ -16,7 +16,10 @@
 from seleniumbase.fixtures import constants
 from seleniumbase.fixtures import page_utils
 from seleniumbase import drivers  # webdriver storage folder for SeleniumBase
+from seleniumbase import extensions  # browser extensions storage folder
 DRIVER_DIR = os.path.dirname(os.path.realpath(drivers.__file__))
+EXTENSIONS_DIR = os.path.dirname(os.path.realpath(extensions.__file__))
+DISABLE_CSP_ZIP_PATH = "%s/%s" % (EXTENSIONS_DIR, "disable_csp.zip")
 PROXY_ZIP_PATH = proxy_helper.PROXY_ZIP_PATH
 PROXY_ZIP_PATH_2 = proxy_helper.PROXY_ZIP_PATH_2
 PLATFORM = sys.platform
@@ -82,8 +85,16 @@ def _add_chrome_proxy_extension(
     return chrome_options
 
 
+def _add_chrome_disable_csp_extension(chrome_options):
+    """ Disable Chrome's Content-Security-Policy with a browser extension.
+        See https://github.com/PhilGrayson/chrome-csp-disable for details. """
+    disable_csp_zip = DISABLE_CSP_ZIP_PATH
+    chrome_options.add_extension(disable_csp_zip)
+    return chrome_options
+
+
 def _set_chrome_options(
-        downloads_path, proxy_string, proxy_auth,
+        downloads_path, headless, proxy_string, proxy_auth,
         proxy_user, proxy_pass, user_agent):
     chrome_options = webdriver.ChromeOptions()
     prefs = {
@@ -108,6 +119,10 @@ def _set_chrome_options(
     chrome_options.add_argument("--disable-single-click-autofill")
     chrome_options.add_argument("--disable-translate")
     chrome_options.add_argument("--disable-web-security")
+    if settings.DISABLE_CONTENT_SECURITY_POLICY and not headless:
+        # Headless Chrome doesn't support extensions, which are required
+        # for disabling the Content Security Policy on Chrome
+        chrome_options = _add_chrome_disable_csp_extension(chrome_options)
     if proxy_string:
         if proxy_auth:
             chrome_options = _add_chrome_proxy_extension(
@@ -135,7 +150,8 @@ def _create_firefox_profile(downloads_path, proxy_string, user_agent):
         profile.set_preference("general.useragent.override", user_agent)
     profile.set_preference(
         "security.mixed_content.block_active_content", False)
-    profile.set_preference("security.csp.enable", False)
+    if settings.DISABLE_CONTENT_SECURITY_POLICY:
+        profile.set_preference("security.csp.enable", False)
     profile.set_preference(
         "browser.download.manager.showAlertOnComplete", False)
     profile.set_preference("browser.privatebrowsing.autostart", True)
@@ -247,7 +263,7 @@ def get_remote_driver(
         desired_caps = capabilities_parser.get_desired_capabilities(cap_file)
     if browser_name == constants.Browser.GOOGLE_CHROME:
         chrome_options = _set_chrome_options(
-            downloads_path, proxy_string, proxy_auth,
+            downloads_path, headless, proxy_string, proxy_auth,
             proxy_user, proxy_pass, user_agent)
         if headless:
             if not proxy_auth:
@@ -458,7 +474,7 @@ def get_local_driver(
     elif browser_name == constants.Browser.GOOGLE_CHROME:
         try:
             chrome_options = _set_chrome_options(
-                downloads_path, proxy_string, proxy_auth,
+                downloads_path, headless, proxy_string, proxy_auth,
                 proxy_user, proxy_pass, user_agent)
             if headless:
                 # Headless Chrome doesn't support extensions, which are

seleniumbase/core/download_helper.py

@@ -35,7 +35,10 @@ def reset_downloads_folder():
 
 def reset_downloads_folder_assistant(archived_downloads_folder):
     if not os.path.exists(archived_downloads_folder):
-        os.makedirs(archived_downloads_folder)
+        try:
+            os.makedirs(archived_downloads_folder)
+        except Exception:
+            pass  # Should only be reachable during multi-threaded test runs
     new_archived_downloads_sub_folder = "%s/downloads_%s" % (
         archived_downloads_folder, int(time.time()))
     if os.path.exists(downloads_path):

seleniumbase/core/report_helper.py

@@ -66,7 +66,10 @@ def clear_out_old_report_logs(archive_past_runs=True, get_log_folder=False):
     abs_path = os.path.abspath('.')
     file_path = abs_path + "/%s" % LATEST_REPORT_DIR
     if not os.path.exists(file_path):
-        os.makedirs(file_path)
+        try:
+            os.makedirs(file_path)
+        except Exception:
+            pass  # Should only be reachable during multi-threaded runs
 
     if archive_past_runs:
         archive_timestamp = int(time.time())

seleniumbase/drivers/ReadMe.md

@@ -1,4 +1,4 @@
-### SeleniumBase web driver storage
+### <img src="https://cdn2.hubspot.net/hubfs/100006/images/super_square_logo_3a.png" title="SeleniumBase" height="32"> SeleniumBase web driver storage
 
 #### Usage:
 

seleniumbase/extensions/ReadMe.md

@@ -0,0 +1,4 @@
+### <img src="https://cdn2.hubspot.net/hubfs/100006/images/super_square_logo_3a.png" title="SeleniumBase" height="32"> SeleniumBase browser extension storage
+
+**The List:**
+* disable_csp.zip => Disable Chrome's Content-Security-Policy