Normally we are able to strip content security policies, but there is something about this URL that is causing this to error.
```js
it('example', () => {
  cy.visit('https://login.yahoo.com/config/login?.src=flickrsignin&.pc=8190&.scrumb=0&.pd=c%3DH6T9XcS72e4mRnW3NpTAiU8ZkA--&.intl=in&.lang=en&.done=https%3A%2F%2Flogin.yahoo.com%2Fconfig%2Fvalidate%3F.src%3Dflickrsignin%26.pc%3D8190%26.scrumb%3D0%26.pd%3Dc%253DJvVF95K62e6PzdPu7MBv2V8-%26.intl%3Din%26.done%3Dhttp%253A%252F%252Fwww.flickr.com%252Fsignin%252Fyahoo%252F%253Fredir%253Dhttp%25253A%25252F%25252Fwww.flickr.com%25252F')
})
```
Error displayed:
```
Refused to execute inline script because it violates the following Content Security Policy
directive: "script-src 'self' 'unsafe-eval' ....Either the 'unsafe-inline' keyword,
a hash ('...'), or a nonce ('nonce-...') is required to enable inline execution.
```
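The rule quoted in the error message above, as an added example that is not part of the original issue and not Cypress's own code: it takes a CSP policy string and reports whether an inline `<script>` would be allowed to run. The function names and the sample policies used with it are assumptions made for illustration, and the script is assumed to have no hash listed in the policy.

```javascript
// Added example. Policies passed in are constructed samples.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Verdict for an inline <script> that carries `nonce` (or none) and whose
// hash is not listed in the policy, as with a script added after the fact.
function inlineScriptVerdict(policy, nonce = null) {
  const directives = parsePolicy(policy);
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = directives.get('script-src') ?? directives.get('default-src');
  if (sources === undefined) {
    return { allowed: true, reason: 'no script-src or default-src directive' };
  }
  const nonces = sources
    .map((s) => /^'nonce-(.+)'$/i.exec(s))
    .filter(Boolean)
    .map((m) => m[1]);
  const hasHash = sources.some((s) => /^'sha(256|384|512)-.+'$/i.test(s));
  if (nonce !== null && nonces.includes(nonce)) {
    return { allowed: true, reason: 'nonce matches' };
  }
  // Browsers ignore 'unsafe-inline' once any nonce or hash source is present.
  if (nonces.length > 0 || hasHash) {
    return { allowed: false, reason: 'nonce or hash required and none matched' };
  }
  if (sources.some((s) => s.toLowerCase() === "'unsafe-inline'")) {
    return { allowed: true, reason: "'unsafe-inline' present" };
  }
  return { allowed: false, reason: "no 'unsafe-inline', hash or nonce source" };
}

// Every policy delivered for a page is enforced, so all of them must allow.
function inlineAllowedByAll(policies, nonce = null) {
  return policies.every((p) => inlineScriptVerdict(p, nonce).allowed);
}
```

Running it against the `Content-Security-Policy` value a page actually serves shows which directive is responsible for a refusal like the one above.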
Same error with https://teams.microsoft.com and Cypress version 3.0.3
I know, I know: only test your own code. Here's my situation:
I'm developing an app for Microsoft Teams. Teams applications are web apps whose URL is embedded by Teams in an iFrame.
Our E2E tests are written in Cypress, and I merely run the app outside of Teams, mocking any needed calls from the Teams library.
However, our company also needs operational tests that ensure the application runs as it will be in production. So we're using Selenium for the ops tests :(
At any rate, perhaps we'll be able to go full Cypress eventually.
Thanks.
@jennifer-shehane Though I haven't delved into Cypress' code base before, I'd be willing to try to take this on if no one else is working on it. Which Cypress package controls this behavior?
It should be in the server relating to proxy https://github.com/cypress-io/cypress/blob/develop/packages/server/lib/controllers/proxy.coffee#L1
@benpolinsky This error actually looks a bit different and is related to this issue: https://github.com/cypress-io/cypress/issues/3459
@jennifer-shehane Makes sense since Cypress is definitely stripping out the CSP headers, as you mentioned.
Is there a workaround for this in the meantime?