fix(browser): allow iframe to load even if there is a custom CSP head…
…er (#5841)
sheremet-va authored Jun 4, 2024
1 parent c79b3f1 commit caaafd9
Showing 2 changed files with 16 additions and 0 deletions.
13 changes: 13 additions & 0 deletions packages/browser/src/node/index.ts
Expand Up @@ -74,7 +74,13 @@ export default (project: WorkspaceProject, base = '/'): Plugin[] => {
__VITEST_TYPE__: url.pathname === base ? '"orchestrator"' : '"tester"',
})

// remove custom iframe related headers to allow the iframe to load
res.removeHeader('X-Frame-Options')

if (url.pathname === base) {
// disable CSP for the orchestrator as we are the ones controlling it
res.removeHeader('Content-Security-Policy')

if (!indexScripts)
indexScripts = await formatScripts(project.config.browser.indexScripts, server)

Expand Down Expand Up @@ -105,6 +111,13 @@ export default (project: WorkspaceProject, base = '/'): Plugin[] => {
return
}

const csp = res.getHeader('Content-Security-Policy')
if (typeof csp === 'string') {
// add frame-ancestors to allow the iframe to be loaded by Vitest,
// but keep the rest of the CSP
res.setHeader('Content-Security-Policy', csp.replace(/frame-ancestors [^;]+/, 'frame-ancestors *'))
}

const decodedTestFile = decodeURIComponent(url.pathname.slice(testerPrefix.length))
const testFiles = await project.globTestFiles()
// if decoded test file is "__vitest_all__" or not in the list of known files, run all tests
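Review bot: `frame-ancestors *` in the second hunk is broader than the stated goal, because it lets any origin frame the tester page rather than only the Vitest orchestrator. If the orchestrator is always served from the same origin as the tester (the `url.pathname === base` check suggests so, but confirm), `'self'` would be enough and keeps a framing restriction in place. The pattern is also case-sensitive and `[^;]+` runs across a comma, so a header written as `Frame-Ancestors …` is left untouched and a comma-separated second policy can lose directives despite the "keep the rest of the CSP" comment. Something like `csp.replace(/frame-ancestors\s+[^;,]+/gi, "frame-ancestors 'self'")` would cover both. An array-valued header is skipped by the `typeof csp === 'string'` guard and would still block the iframe; the enclosing middleware starts and ends outside the hunk, so how headers reach this point is not visible here.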
3 changes: 3 additions & 0 deletions test/browser/vitest.config.mts
Expand Up @@ -18,6 +18,9 @@ export default defineConfig({
server: {
headers: {
'x-custom': 'hello',
// Vitest iframe should still be loaded
'X-Frame-Options': 'DENY',
'content-security-policy': 'frame-src https://example.com; frame-ancestors https://example.com',
},
},
optimizeDeps: {
