From 5130e6c8fb43fbc3aadeafec3aee885ffc690150 Mon Sep 17 00:00:00 2001 From: rajsite Date: Sun, 3 Mar 2024 15:57:05 -0600 Subject: [PATCH] Add CSP headers to the karma run --- .../projects/example-client-app/karma.conf.js | 12 +++++++++++- .../projects/ni/nimble-angular/karma.conf.js | 12 +++++++++++- packages/jasmine-parameterized/karma.conf.cjs | 12 +++++++++++- packages/nimble-components/karma.conf.js | 12 +++++++++++- 4 files changed, 44 insertions(+), 4 deletions(-) diff --git a/angular-workspace/projects/example-client-app/karma.conf.js b/angular-workspace/projects/example-client-app/karma.conf.js index cb3fb06a5c..6a5488068d 100644 --- a/angular-workspace/projects/example-client-app/karma.conf.js +++ b/angular-workspace/projects/example-client-app/karma.conf.js @@ -42,6 +42,16 @@ module.exports = function (config) { autoWatch: true, browsers: ['ChromeHeadless'], singleRun: false, - restartOnFileChange: true + restartOnFileChange: true, + customHeaders: [ + // Add a Content-Security-Policy header for the tests + // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy + // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260 + { + match: '\\.html', + name: 'Content-Security-Policy', + value: "script-src 'self' 'unsafe-inline'; object-src 'self';" + } + ] }); }; diff --git a/angular-workspace/projects/ni/nimble-angular/karma.conf.js b/angular-workspace/projects/ni/nimble-angular/karma.conf.js index ac2aa009a6..1b211f44da 100644 --- a/angular-workspace/projects/ni/nimble-angular/karma.conf.js +++ b/angular-workspace/projects/ni/nimble-angular/karma.conf.js @@ -48,6 +48,16 @@ module.exports = config => { autoWatch: true, browsers: ['ChromeHeadless'], singleRun: false, - restartOnFileChange: true + restartOnFileChange: true, + customHeaders: [ + // Add a Content-Security-Policy header for the tests + // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy + // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260 + { + match: '\\.html', + name: 'Content-Security-Policy', + value: "script-src 'self' 'unsafe-inline'; object-src 'self';" + } + ] }); }; diff --git a/packages/jasmine-parameterized/karma.conf.cjs b/packages/jasmine-parameterized/karma.conf.cjs index 03d6751ea9..e39b732a9f 100644 --- a/packages/jasmine-parameterized/karma.conf.cjs +++ b/packages/jasmine-parameterized/karma.conf.cjs @@ -58,7 +58,17 @@ module.exports = config => { captureConsole: true }, // to disable the WARN 404 for image requests - logLevel: config.LOG_ERROR + logLevel: config.LOG_ERROR, + customHeaders: [ + // Add a Content-Security-Policy header for the tests + // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy + // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260 + { + match: '\\.html', + name: 'Content-Security-Policy', + value: "script-src 'self' 'unsafe-inline'; object-src 'self';" + } + ] }; config.set(options); diff --git a/packages/nimble-components/karma.conf.js b/packages/nimble-components/karma.conf.js index 0d90929cd4..6f9742eb61 100644 --- a/packages/nimble-components/karma.conf.js +++ b/packages/nimble-components/karma.conf.js @@ -147,7 +147,17 @@ module.exports = config => { }, captureConsole: true }, - logLevel: config.LOG_ERROR // to disable the WARN 404 for image requests + logLevel: config.LOG_ERROR, // to disable the WARN 404 for image requests + customHeaders: [ + // Add a Content-Security-Policy header for the tests + // Following: https://developer.chrome.com/docs/extensions/reference/manifest/content-security-policy + // Need 'unsafe-inline' to support karma behavior: https://github.com/karma-runner/karma/issues/3260 + { + match: '\\.html', + name: 'Content-Security-Policy', + value: "script-src 'self' 'unsafe-inline'; object-src 'self';" + } + ] }; config.set(options);