
Write tests for CSP violations

Open: conorsch opened this issue 6 years ago • 1 comment

Follow-up to #431. We are currently not testing for CSP violations in CI, and instead we require devs to validate that no CSP violations were introduced by running the local dev env during PR review and inspecting the console log. That's asking for trouble.

Let's wire up base Selenium tests to check for CSP violations. After a bit of reading, it appears it's currently impossible to inspect web console logs with Firefox as a Selenium driver, but with Chrome it may be possible.

conorsch, Apr 19 '18 00:04

[Backlog pruning 5/10] We currently check if the CSP changes in infra tests. We don't scan for violations; we do use report-uri.com to monitor CSP issues, but aren't monitoring it very actively. This would be worth doing, but not urgently.

harrislapiroff, May 10 '23 17:05
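A sketch of the console-log check proposed in the opening post, added here as an example and not taken from the securedrop.org code base. It assumes log entries shaped like the dicts that Selenium's `driver.get_log("browser")` returns with Chrome, and Chrome's "Refused to ... Content Security Policy directive" wording; the sample entries, URLs and function names are constructed for illustration.

```python
import re

# Chrome's console wording for a blocked resource (assumed stable for this example).
CSP_RE = re.compile(
    r"(?P<report_only>\[Report Only\]\s+)?Refused to (?P<action>.+?) because it "
    r"violates the following Content Security Policy directive: "
    r"\"(?P<directive>[^\"]+)\""
)
URL_RE = re.compile(r"'(?P<url>[a-z][a-z0-9+.-]*:[^']*)'")

# Constructed sample entries, shaped like the dicts Selenium returns for Chrome.
SAMPLE_LOG = [
    {"level": "SEVERE", "source": "security", "message":
        "https://localhost:8000/ - Refused to load the script "
        "'https://cdn.example/widget.js' because it violates the following "
        "Content Security Policy directive: \"script-src 'self'\"."},
    {"level": "SEVERE", "source": "security", "message":
        "https://localhost:8000/ - [Report Only] Refused to apply inline style "
        "because it violates the following Content Security Policy directive: "
        "\"style-src 'self'\"."},
    {"level": "WARNING", "source": "console-api", "message":
        "https://localhost:8000/app.js 3:9 \"deprecated call\""},
]


def csp_violations(entries):
    """Return one dict per CSP violation found in browser console log entries."""
    found = []
    for entry in entries:
        # Assumption: tolerate messages whose double quotes arrive backslash-escaped.
        message = entry.get("message", "").replace('\\"', '"')
        match = CSP_RE.search(message)
        if not match:
            continue
        url = URL_RE.search(match.group("action"))
        found.append({
            "directive": match.group("directive").split()[0],
            "blocked": url.group("url") if url else None,  # None: inline/eval
            "enforced": match.group("report_only") is None,
        })
    return found


def assert_no_csp_violations(entries):
    """Fail once, listing every violation rather than stopping at the first."""
    violations = csp_violations(entries)
    if violations:
        lines = [f"{v['directive']}: {v['blocked'] or 'inline'}" for v in violations]
        raise AssertionError("CSP violations logged:\n" + "\n".join(lines))
```

In a Selenium test the argument would be the list returned by `driver.get_log("browser")` after each page load, so a new violation fails CI instead of relying on a reviewer reading the console.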