-
Notifications
You must be signed in to change notification settings - Fork 843
Checking #1139 flag (CSP violation)
Stefan Krause edited this page Mar 5, 2024
·
3 revisions
Implementations that can't be run with a strict content security policy are flagged with #1139. Here's how the check works and can be checked manually:
- Enable the CSP header by calling http://localhost:8080/csp/enable
- Open the implementation and check the console. If an implementation doesn't work with a CSP you should see some errors regarding inline-scrips or inline-styles.
- The CSP header includes a report directive. The server prints the contents of the csp report on the console. http://localhost:8080/csp/ returns an array of all frameworks for which a report was received
- You can disable the CSP check by calling http://localhost:8080/csp/disable
There's also an automatic check that can be invoked
- In the root directory invoke
npm run checkCSP keyed/vobyto check a single framework ornpm run checkCSPto check all frameworks - The check also verifies that the 1139 issue is correctly specified in the package.json (property js-framework-benchmark.issues) and reports an error otherwise.