Intercept - Modify HTTP Response Headers

[marktamis]

Hi,

We're looking to intercept HTTP response headers to rewrite them before the page is shown in the browser.

For my test setup we want to load a script from an external site into pages protected by restrictive Content Security Policy headers

Currently we can add the script but because of the aforementioned setting, it won't load

The idea would be to intercept and rewrite this response header to add the domain from which my script is loading

(normally the script is loaded through a browser extension - currently we can force the install but we're stuck on user validation of the install, which means we can't use headless chrome)

[zabil]

Have you tried disabling web security? https://docs.taiko.dev/frequently_asked_questions/#how-do-i-intercept-request-with-method-options%3F

[marktamis]

Thanks! I just tried it but unfortunately it has no effect on the CSP Header (only CORS requests are affected and no effect on the response headers)

[NivedhaSenthil]

@marktamis is there a sample that we can experiment with ?

[sriv]

I believe this should be an issue (apologies for the late response), so that this gets slotted in the backlog.

[sriv]

#1822 could be related to this.

[marktamis]

Thanks for picking this up again

When searching around I found that on other testing frameworks they add a method to remove the CSP header : bypassCSP (boolean)

This could be another way Taiko could handle the requirement

[nseshadr]

is there an ETA for this solution? This is critical for us to use Taiko.

[NivedhaSenthil]

Have created an issue to provide option for bypassing csp header #1935