Disclosure Statement: This site contains affiliate links, which means that I may receive a commission if you make a purchase using these links. As an eBay Partner, I earn from qualifying purchases.

DevTools Protocol Page.setBypassCSP

Post Reply
michal@dorfin.waw.pl
Posts: 41
Joined: Sun Feb 05, 2017 8:53 am

DevTools Protocol Page.setBypassCSP

Post by michal@dorfin.waw.pl »

Hi,

I'd like to use this method: "Page.setBypassCSP"
to bypass CSP.
I'm trying to use it this way:

Code: Select all

 var TempParams  := TCefDictionaryValueRef.New;
 TempParams.SetBool('enabled', TRUE);
 var FID:=1;
 CHROME.ExecuteDevToolsMethod(FID, 'Page.setBypassCSP', TempParams);
According to documentation the call is correct. But unfortunatelly I'm still having "BLOCKED_BY_CSP" error in "onLoadError".
Do You know where should I call this DevTools method to make it working:
I tried: onBeforeBrowse and also right after I have properly created browser. There was no effect in neither of these places.
Top
User avatar
salvadordf
Posts: 4056
Joined: Thu Feb 02, 2017 12:24 pm
Location: Spain
Contact:
Contact salvadordf

Re: DevTools Protocol Page.setBypassCSP

Post by salvadordf »

Hi,

Your code seems to be correct and the TChromium.OnDevToolsMethodResult event returns "success" as true.

The Puppeteer documentation states this about that method :
CSP bypassing happens at the moment of CSP initialization rather than evaluation. Usually, this means that page.setBypassCSP should be called before navigating to the domain.
https://pptr.dev/api/puppeteer.page.setbypasscsp

Keep in mind that the "Page.setBypassCSP" method is marked as experimental. It might not work as expected.
Top
michal@dorfin.waw.pl
Posts: 41
Joined: Sun Feb 05, 2017 8:53 am

Re: DevTools Protocol Page.setBypassCSP

Post by michal@dorfin.waw.pl »

I know that statement. That is why I asked You whether You know where to call this method to make it working. Where would You call it ?
Top
User avatar
salvadordf
Posts: 4056
Joined: Thu Feb 02, 2017 12:24 pm
Location: Spain
Contact:
Contact salvadordf

Re: DevTools Protocol Page.setBypassCSP

Post by salvadordf »

I've never used that method but after reading some puppeteer examples I would try this :
  • Call Page.setBypassCSP even before navigating to that domain for the first time. Before the first TChromium.LoadURL call to that domain.
  • Wait until the TChromium.OnDevToolsMethodResult event is triggered before navigating to that domain.
  • If all that fails I would also try clearing the cache, but I'm not sure if this would help.
  • Some people claim that it works if you reload the page after the Page.setBypassCSP call.
Top
michal@dorfin.waw.pl
Posts: 41
Joined: Sun Feb 05, 2017 8:53 am

Re: DevTools Protocol Page.setBypassCSP

Post by michal@dorfin.waw.pl »

I've just managed to bypass CSP.
Here is how I've achieved this:
1. I don't use CHROME.defaultURL -> so after creation the browser navigates to "about:blank"
2. in BrowserCreatedMsg function I execute this:

Code: Select all

var TempParams  := TCefDictionaryValueRef.New;
 TempParams.SetBool('enabled', TRUE);
 var FID:=1;
 CHROME.ExecuteDevToolsMethod(FID, 'Page.setBypassCSP', TempParams);
3. after that - when You open any page - the CSP is disabled.
Top
Post Reply

Return to “General”