Error with 'simulaterealtyping' enabled in a customer specific application (Chrome)

Progress® Telerik® Test Studio® Feedback Portal

Create an account Log In

Back to Feed

Request a Feature Report a Bug

Completed

Last Updated: 15 Nov 2016 08:59 by ADMIN

ADMIN

Elena

Created on: 07 Sep 2016 12:44

Type: Bug Report

Error with 'simulaterealtyping' enabled in a customer specific application (Chrome)

Steps to reproduce: 

1. Execute a test against Chrome to login to a customer specific application. 

2. The error will be generated in the execution log (Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self') 

Expected behavior: To pass the steps in the test. 

Actual behavior: Error appears in the log file and the test fails. 

Note: If the same scenario is executed against a public accessible page (google login for example) enabling SimulateRealTyping is not affecting the test).

2 comments

ADMIN

Daniel Djambov

Posted on: 15 Nov 2016 08:59

Telerik: There seems to be a security restriction problem in Chrome for such scenarios. The problem is caused by a CSP imposed by the application: "script-src 'self'".  Possible solutions 
1. As a first workaround you can remove the CSP imposed by his server
2. Second workaround:  use Fiddler to intercept and modify the traffic - using Fiddler script editor (http://www.telerik.com/download/fiddler/fiddlerscript-editor) - this will require to have fiddler running during this specific execution run and can affect slightly the performance.

Open Fiddler Script Editor and modify the following custom script to be applied in the OnBeforeResponse(oSession: Session) function:
 if (oSession.oResponse.headers.Exists("Content-security-policy")) {
 oSession["ui-backcolor"] = "lime";
 oSession["ui-bold"] = "removing CSP";
 oSession.oResponse.headers.Remove("Content-security-policy");
 }

 if (oSession.oResponse.headers.Exists("X-Content-security-policy")) {
 oSession["ui-backcolor"] = "lime";
 oSession["ui-bold"] = "removing CSP";
 oSession.oResponse.headers.Remove("X-Content-security-policy");

ADMIN

Daniel Djambov

Posted on: 26 Oct 2016 12:08

Telerik: we have fixed this in our latest Chrome Execution extension 2016.3.1026.1 - please update it to get the solution for the problem (http://docs.telerik.com/teststudio/troubleshooting-guide/browser-inconsistencies-tg/extensions-disabled-in-chrome use Developer Mode and "Update extensions now")