-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lighthouse does not work with a CSP with sandbox without allow-scripts #11925
Comments
So there are two
|
I filed upstream about this: https://bugs.chromium.org/p/chromium/issues/detail?id=1222763 |
Also impacts web.dev and WebPageTest's optional Lighthouse audit. Does not seem to break PSI or, surprisingly, GTMetrix; GTMetrix claims to use Lighthouse 7.4.0 (sample audit of a page whose sandbox breaks vanilla Lighthouse). My current workaround for this (and, before it was fixed, #4386) was to just offer a subdomain with a less restrictive CSP for tests. |
Provide the steps to reproduce
What is the current behavior?
Test will time out
Chrome console will print:
Blocked script execution in 'https://meh.is/' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
What is the expected behavior?
Lighthouse should work despite website CSP since it is part of the browser.
Environment Information
The text was updated successfully, but these errors were encountered: