Page 1 of 1
DevTools Protocol Page.setBypassCSP
Posted: Wed Jul 26, 2023 9:40 am
by michal@dorfin.waw.pl
Hi,
I'd like to use this method: "Page.setBypassCSP"
to bypass CSP.
I'm trying to use it this way:
Code: Select all
var TempParams := TCefDictionaryValueRef.New;
TempParams.SetBool('enabled', TRUE);
var FID:=1;
CHROME.ExecuteDevToolsMethod(FID, 'Page.setBypassCSP', TempParams);
According to documentation the call is correct. But unfortunatelly I'm still having "BLOCKED_BY_CSP" error in "onLoadError".
Do You know where should I call this DevTools method to make it working:
I tried: onBeforeBrowse and also right after I have properly created browser. There was no effect in neither of these places.
Re: DevTools Protocol Page.setBypassCSP
Posted: Wed Jul 26, 2023 10:27 am
by salvadordf
Hi,
Your code seems to be correct and the TChromium.OnDevToolsMethodResult event returns "success" as true.
The Puppeteer documentation states this about that method :
CSP bypassing happens at the moment of CSP initialization rather than evaluation. Usually, this means that page.setBypassCSP should be called before navigating to the domain.
https://pptr.dev/api/puppeteer.page.setbypasscsp
Keep in mind that the "
Page.setBypassCSP" method is marked as
experimental. It might not work as expected.
Re: DevTools Protocol Page.setBypassCSP
Posted: Wed Jul 26, 2023 12:50 pm
by michal@dorfin.waw.pl
I know that statement. That is why I asked You whether You know where to call this method to make it working. Where would You call it ?
Re: DevTools Protocol Page.setBypassCSP
Posted: Wed Jul 26, 2023 1:22 pm
by salvadordf
I've never used that method but after reading some puppeteer examples I would try this :
- Call Page.setBypassCSP even before navigating to that domain for the first time. Before the first TChromium.LoadURL call to that domain.
- Wait until the TChromium.OnDevToolsMethodResult event is triggered before navigating to that domain.
- If all that fails I would also try clearing the cache, but I'm not sure if this would help.
- Some people claim that it works if you reload the page after the Page.setBypassCSP call.
Re: DevTools Protocol Page.setBypassCSP
Posted: Sun Mar 03, 2024 3:08 pm
by michal@dorfin.waw.pl
I've just managed to bypass CSP.
Here is how I've achieved this:
1. I don't use CHROME.defaultURL -> so after creation the browser navigates to "about:blank"
2. in BrowserCreatedMsg function I execute this:
Code: Select all
var TempParams := TCefDictionaryValueRef.New;
TempParams.SetBool('enabled', TRUE);
var FID:=1;
CHROME.ExecuteDevToolsMethod(FID, 'Page.setBypassCSP', TempParams);
3. after that - when You open any page - the CSP is disabled.