Disable content security policy in PhantomJS

Question

Disable content security policy in PhantomJS

I am trying to use WebSocket in a call to page.evaulate() in PhantomJS (2.1.1). When trying to connect to the WebSocket server, the following error occurs:

SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.

I managed to disable CSP in Firefox by going to about:config and setting security.csp.enable to false. After that, I can run the same code with the PhantomJS script, without any problems pasting it into the console in Firefox.

Can I disable the content security policy in PhantomJS? (I tried setting page.webSecurityEnabled = false and page.localToRemoteUrlAccessEnabled = true no avail.)

+5

phantomjs content-security-policy

user1819699 Jan 14 '18 at 5:43

source share

1 answer

HenriqueHBR · Answer 1 · 2018-02-13T12:52:47+0000

The latest stable version of PhantomJS 2.1.1 has an error while trying to get a web page with the response header: content-security-policy: default-src 'none'

Correction: Section 2.1.1, File: \ phantomjs \ src \ qt \ qtwebkit \ Source \ WebCore \ page \ ContentSecurityPolicy.cpp , change line 354:

, m_allowEval(false)

To:

, m_allowEval(true)

Then build.py -r ... Enjoy!

Disable content security policy in PhantomJS

More articles: