Re: Content Security Policy and WebDriver

On 03/11/14 18:22, Sam Uong wrote:
> Is the origin domain the same as "document.domain"? For both Chrome and
> Firefox (both of which support CSP) I get the domain of the page that
> I'm at when I run ExecuteScript("return document.domain;"). So it looks
> like both drivers execute scripts from self.

The origin you care about here is the "effective script origin".

HTML has hooks for all of this stuff. You need to call the hooks in the
right way, depending on what WebDriver is supposed to do. I *assume* it
just calls a script in the script execution environment of the selected
Window, but other possibilities are imaginable (I didn't check the spec).

Check with Hixie for the exact form of the spell you need to cast to
make this work.

Received on Wednesday, 5 November 2014 02:00:34 UTC