Skip to content

Commit

Permalink
Option to bypass Content-Security-Policy when executing Javascript (#116
Browse files Browse the repository at this point in the history
)

Closes #114
  • Loading branch information
sesh authored Nov 1, 2023
1 parent ae13a52 commit 3d14b03
Show file tree
Hide file tree
Showing 7 changed files with 30 additions and 4 deletions.
1 change: 1 addition & 0 deletions docs/accessibility.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ Options:
--log-console Write console.log() to stderr
--fail Fail with an error code if a page returns an HTTP error
--skip Skip pages that return HTTP errors
--bypass-csp Bypass Content-Security-Policy
--help Show this message and exit.
```
<!-- [[[end]]] -->
1 change: 1 addition & 0 deletions docs/html.md
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ Options:
--fail Fail with an error code if a page returns an
HTTP error
--skip Skip pages that return HTTP errors
--bypass-csp Bypass Content-Security-Policy
--silent Do not output any messages
--help Show this message and exit.
```
Expand Down
1 change: 1 addition & 0 deletions docs/javascript.md
Original file line number Diff line number Diff line change
Expand Up @@ -185,6 +185,7 @@ Options:
--fail Fail with an error code if a page returns an
HTTP error
--skip Skip pages that return HTTP errors
--bypass-csp Bypass Content-Security-Policy
--help Show this message and exit.
```
<!-- [[[end]]] -->
1 change: 1 addition & 0 deletions docs/pdf.md
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ Options:
--fail Fail with an error code if a page returns an
HTTP error
--skip Skip pages that return HTTP errors
--bypass-csp Bypass Content-Security-Policy
--silent Do not output any messages
--help Show this message and exit.
```
Expand Down
1 change: 1 addition & 0 deletions docs/screenshots.md
Original file line number Diff line number Diff line change
Expand Up @@ -315,6 +315,7 @@ Options:
--fail Fail with an error code if a page returns an
HTTP error
--skip Skip pages that return HTTP errors
--bypass-csp Bypass Content-Security-Policy
--silent Do not output any messages
--help Show this message and exit.
```
Expand Down
27 changes: 23 additions & 4 deletions shot_scraper/cli.py
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,11 @@ def skip_fail_options(fn):
return fn


def bypass_csp_option(fn):
click.option("--bypass-csp", is_flag=True, help="Bypass Content-Security-Policy")(fn)
return fn


def skip_or_fail(response, skip, fail):
if skip and fail:
raise click.ClickException("--skip and --fail cannot be used together")
Expand Down Expand Up @@ -192,6 +197,7 @@ def cli():
@user_agent_option
@reduced_motion_option
@skip_fail_options
@bypass_csp_option
@silent_option
def shot(
url,
Expand Down Expand Up @@ -220,6 +226,7 @@ def shot(
reduced_motion,
skip,
fail,
bypass_csp,
silent,
):
"""
Expand Down Expand Up @@ -281,6 +288,7 @@ def shot(
user_agent=user_agent,
timeout=timeout,
reduced_motion=reduced_motion,
bypass_csp=bypass_csp,
)
if interactive or devtools:
use_existing_page = True
Expand Down Expand Up @@ -330,6 +338,7 @@ def _browser_context(
user_agent=None,
timeout=None,
reduced_motion=False,
bypass_csp=False,
):
browser_kwargs = dict(headless=not interactive, devtools=devtools)
if browser == "chromium":
Expand All @@ -350,6 +359,8 @@ def _browser_context(
context_args["reduced_motion"] = "reduce"
if user_agent is not None:
context_args["user_agent"] = user_agent
if bypass_csp:
context_args["bypass_csp"] = bypass_csp
context = browser_obj.new_context(**context_args)
if timeout:
context.set_default_timeout(timeout)
Expand Down Expand Up @@ -490,7 +501,8 @@ def multi(
)
@log_console_option
@skip_fail_options
def accessibility(url, auth, output, javascript, timeout, log_console, skip, fail):
@bypass_csp_option
def accessibility(url, auth, output, javascript, timeout, log_console, skip, fail, bypass_csp):
"""
Dump the Chromium accessibility tree for the specifed page
Expand All @@ -500,7 +512,7 @@ def accessibility(url, auth, output, javascript, timeout, log_console, skip, fai
"""
url = url_or_file_path(url, _check_and_absolutize)
with sync_playwright() as p:
context, browser_obj = _browser_context(p, auth, timeout=timeout)
context, browser_obj = _browser_context(p, auth, timeout=timeout, bypass_csp=bypass_csp)
page = context.new_page()
if log_console:
page.on("console", console_log)
Expand Down Expand Up @@ -548,6 +560,7 @@ def accessibility(url, auth, output, javascript, timeout, log_console, skip, fai
@reduced_motion_option
@log_console_option
@skip_fail_options
@bypass_csp_option
def javascript(
url,
javascript,
Expand All @@ -561,6 +574,7 @@ def javascript(
log_console,
skip,
fail,
bypass_csp,
):
"""
Execute JavaScript against the page and return the result as JSON
Expand Down Expand Up @@ -597,6 +611,7 @@ def javascript(
browser=browser,
user_agent=user_agent,
reduced_motion=reduced_motion,
bypass_csp=bypass_csp,
)
page = context.new_page()
if log_console:
Expand Down Expand Up @@ -664,6 +679,7 @@ def javascript(
@click.option("--print-background", is_flag=True, help="Print background graphics")
@log_console_option
@skip_fail_options
@bypass_csp_option
@silent_option
def pdf(
url,
Expand All @@ -681,6 +697,7 @@ def pdf(
log_console,
skip,
fail,
bypass_csp,
silent,
):
"""
Expand All @@ -702,7 +719,7 @@ def pdf(
if output is None:
output = filename_for_url(url, ext="pdf", file_exists=os.path.exists)
with sync_playwright() as p:
context, browser_obj = _browser_context(p, auth)
context, browser_obj = _browser_context(p, auth, bypass_csp=bypass_csp)
page = context.new_page()
if log_console:
page.on("console", console_log)
Expand Down Expand Up @@ -764,6 +781,7 @@ def pdf(
@browser_option
@user_agent_option
@skip_fail_options
@bypass_csp_option
@silent_option
def html(
url,
Expand All @@ -777,6 +795,7 @@ def html(
user_agent,
skip,
fail,
bypass_csp,
silent,
):
"""
Expand All @@ -795,7 +814,7 @@ def html(
output = filename_for_url(url, ext="html", file_exists=os.path.exists)
with sync_playwright() as p:
context, browser_obj = _browser_context(
p, auth, browser=browser, user_agent=user_agent
p, auth, browser=browser, user_agent=user_agent, bypass_csp=bypass_csp,
)
page = context.new_page()
if log_console:
Expand Down
2 changes: 2 additions & 0 deletions tests/run_examples.sh
Original file line number Diff line number Diff line change
Expand Up @@ -152,3 +152,5 @@ shot-scraper multi empty.yml
wait_for: |-
document.querySelector("div")
' | shot-scraper multi - --fail)
# --bypass-csp
shot-scraper javascript github.com "async () => { await import('https://cdn.jsdelivr.net/npm/left-pad/+esm'); return 'content-security-policy ignored' }" -o examples/github-csp.json --bypass-csp

0 comments on commit 3d14b03

Please sign in to comment.