Exceptions - Yash-777/SeleniumDriverAutomation GitHub Wiki
Refused to connect to 'https://github.com/Yash-777/SeleniumDriverAutomation/wiki' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
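import java.io.File;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;

// Download the extension (.crx) file into the system temp directory.
String crx = "https://clients2.google.com/service/update2/crx?";
String urlStr = crx + "response=redirect&prodversion=49.0&x=id%3Dieelmcmcagommplceebfedjlakkhpden%26installsource%3Dondemand%26uc";
URL url = new URL( urlStr );
String tempPath = System.getProperty("java.io.tmpdir");
String targetFile = "Disable-Content-Security-Policy.crx";
String storeFileName = tempPath + File.separator + targetFile;
Path path = new File( storeFileName ).toPath();
try (InputStream in = url.openStream()) { // close the stream once the copy finishes
    Files.copy(in, path, StandardCopyOption.REPLACE_EXISTING);
}
System.out.println( "Extension file saved into File : "+ storeFileName );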
Content Security Policy Hacks
CSP works by restricting the origins that active and passive content can be loaded from. It can additionally restrict certain aspects of active content such as the execution of inline JavaScript, and the use of eval().
It’s very important to always define default-src. Otherwise, directives that are not set will default to allowing all resources. Because we have default-src 'self', this means that images served from the site’s domain will also be allowed.
Content-Security-Policy:
default-src 'none';
img-src 'self';
script-src 'self' https://code.jquery.com;
style-src 'self';
CSP by default doesn’t allow inline JavaScript unless you explicitly allow it. This means that you need to remove the following:
<script> blocks in the page
To overcome this problem in Selenium, instead of injecting code in a <script> element we have to inject it as a normal string. Because functions defined in an injected string are not in scope outside that string, we need to add the functions to the document, for example as document.stringInjectedFunctions.
DOM event handlers in HTML e.g: onclick
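<button id='save' onclick='saveObjects()'> Done </button>
<!-- As the above onclick handler is not allowed, we need to register it as an event listener -->
<button id='save'> Done </button>
// Define the handler first: a `var` read before its assignment is still undefined.
var saveObjects = function () {
//...
};
// Attach the handler to the button that used to carry the onclick attribute.
document.getElementById('save').addEventListener('click', saveObjects);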
javascript: pseudo protocol.
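To check how the default-src fallback and the inline-script rule described above apply to a given header, the following added example (not code from this wiki) parses a policy and resolves the source list that governs a directive. The function names are hypothetical, and the fallback set is simplified to directives that fall back directly to default-src.

```javascript
// Fetch directives that fall back directly to default-src when not set.
// (Simplified: frame-src and worker-src have longer fallback chains and are omitted.)
const FALLS_BACK_TO_DEFAULT = new Set([
  'connect-src', 'font-src', 'img-src', 'manifest-src',
  'media-src', 'object-src', 'script-src', 'style-src',
]);

// Parse a Content-Security-Policy header value into Map(directive -> [sources]).
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (!name) continue; // empty segment, e.g. after a trailing ';'
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, sources); // repeated directives are ignored
  }
  return policy;
}

// Source list that governs `directive`, or null when nothing restricts it.
function effectiveSources(policy, directive) {
  if (policy.has(directive)) return policy.get(directive);
  if (FALLS_BACK_TO_DEFAULT.has(directive) && policy.has('default-src')) {
    return policy.get('default-src');
  }
  return null;
}

// Inline <script> blocks and on* handlers run only if nothing governs scripts,
// or 'unsafe-inline' is listed with no nonce/hash/'strict-dynamic' overriding it.
function allowsInlineScript(policy) {
  const sources = effectiveSources(policy, 'script-src');
  if (sources === null) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const overridden = lower.some((s) =>
    /^'(nonce-|sha(256|384|512)-)/.test(s) || s === "'strict-dynamic'");
  return lower.includes("'unsafe-inline'") && !overridden;
}

// The example policy shown on this page, and the policy from the error message.
const pagePolicy = parseCsp(
  "default-src 'none'; img-src 'self'; script-src 'self' https://code.jquery.com; style-src 'self';");
const wikiPolicy = parseCsp("default-src 'self'");
```

For `wikiPolicy`, `effectiveSources(wikiPolicy, 'connect-src')` resolves to the default-src list, which is the fallback the console message reports.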