Add CSP headers to the karma run

ni · Mar 3, 2024 · 5130e6c · 5130e6c
1 parent 30e4d6a
commit 5130e6c
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 4 deletions.
diff --git a/angular-workspace/projects/example-client-app/karma.conf.js b/angular-workspace/projects/example-client-app/karma.conf.js
@@ -42,6 +42,16 @@ module.exports = function (config) {
     autoWatch: true,
     browsers: ['ChromeHeadless'],
     singleRun: false,
-    restartOnFileChange: true
+    restartOnFileChange: true,
+    customHeaders: [
+      // Add a Content-Security-Policy header for the tests
+      // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
+      // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+      {
+          match: '\\.html',
+          name: 'Content-Security-Policy',
+          value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+      }
+  ]
   });
 };
diff --git a/angular-workspace/projects/ni/nimble-angular/karma.conf.js b/angular-workspace/projects/ni/nimble-angular/karma.conf.js
@@ -48,6 +48,16 @@ module.exports = config => {
         autoWatch: true,
         browsers: ['ChromeHeadless'],
         singleRun: false,
-        restartOnFileChange: true
+        restartOnFileChange: true,
+        customHeaders: [
+            // Add a Content-Security-Policy header for the tests
+            // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
+            // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+            {
+                match: '\\.html',
+                name: 'Content-Security-Policy',
+                value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+            }
+        ]
     });
 };
diff --git a/packages/jasmine-parameterized/karma.conf.cjs b/packages/jasmine-parameterized/karma.conf.cjs
@@ -58,7 +58,17 @@ module.exports = config => {
             captureConsole: true
         },
         // to disable the WARN 404 for image requests
-        logLevel: config.LOG_ERROR
+        logLevel: config.LOG_ERROR,
+        customHeaders: [
+            // Add a Content-Security-Policy header for the tests
+            // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
+            // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+            {
+                match: '\\.html',
+                name: 'Content-Security-Policy',
+                value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+            }
+        ]
     };
 
     config.set(options);

diff --git a/packages/nimble-components/karma.conf.js b/packages/nimble-components/karma.conf.js
@@ -147,7 +147,17 @@ module.exports = config => {
             },
             captureConsole: true
         },
-        logLevel: config.LOG_ERROR // to disable the WARN 404 for image requests
+        logLevel: config.LOG_ERROR, // to disable the WARN 404 for image requests
+        customHeaders: [
+            // Add a Content-Security-Policy header for the tests
+            // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy
+            // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260
+            {
+                match: '\\.html',
+                name: 'Content-Security-Policy',
+                value: "script-src 'self' 'unsafe-inline'; object-src 'self';"
+            }
+        ]
     };
 
     config.set(options);