Description
Current behavior
Running a web worker in a cypress test after v12.15 results in an error
spec.cy.js:36 Refused to create a worker from 'blob:http://localhost:3000/164681fb-cb4d-414b-8d35-2821c8805feb' because it violates the following Content Security Policy directive: "script-src 'unsafe-eval'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
Running a web worker in a cypress test in v12.14 or earlier does not have this problem.
Desired behavior
Cypress should not generate a CSP error when a web worker is used from within the test (note that this does not happen when a webworker is used in the application-under-test, i.e., inside the iframe).
If it was the Cypress team's intention to break this use case, it should have been done in a major release, not a minor release
Test code to reproduce
https://github.com/crfrolik/CypressWebWorkerTest
Instructions to reproduce are provided in the README.
Cypress Version
12.17.1
Node version
16.20.0
Operating System
Ubuntu 20.04
Debug Logs
The error that is encountered is:
TypeError: Cannot set property message of [object DOMException] which has only a getter
Because this error occurred during a `before each` hook we are skipping the remaining tests in the current suite: `websocket in webworker`
at modifyErrMsg (http://localhost:3000/__cypress/runner/cypress_runner.js:164400:15)
at Object.appendErrMsg (http://localhost:3000/__cypress/runner/cypress_runner.js:164405:10)
at Runner.<anonymous> (http://localhost:3000/__cypress/runner/cypress_runner.js:167607:76)
at Runner.emit (http://localhost:3000/__cypress/runner/cypress_runner.js:28203:7)
at ../driver/node_modules/mocha/lib/runner.js.Runner.fail (http://localhost:3000/__cypress/runner/cypress_runner.js:114863:8)
at Runner.fail (http://localhost:3000/__cypress/runner/cypress_runner.js:166072:25)
at ../driver/node_modules/mocha/lib/runner.js.Runner.failHook (http://localhost:3000/__cypress/runner/cypress_runner.js:114901:8)
at Hook.<anonymous> (http://localhost:3000/__cypress/runner/cypress_runner.js:114975:14)
at next (http://localhost:3000/__cypress/runner/cypress_runner.js:167997:24)
at http://localhost:3000/__cypress/runner/cypress_runner.js:168024:13
at tryCatcher (http://localhost:3000/__cypress/runner/cypress_runner.js:18744:23)
at Promise._settlePromiseFromHandler (http://localhost:3000/__cypress/runner/cypress_runner.js:16679:31)
at Promise._settlePromise (http://localhost:3000/__cypress/runner/cypress_runner.js:16736:18)
at Promise._settlePromise0 (http://localhost:3000/__cypress/runner/cypress_runner.js:16781:10)
at Promise._settlePromises (http://localhost:3000/__cypress/runner/cypress_runner.js:16861:18)
at Promise._fulfill (http://localhost:3000/__cypress/runner/cypress_runner.js:16805:18)
at Promise._resolveCallback (http://localhost:3000/__cypress/runner/cypress_runner.js:16599:57)
at Promise._settlePromiseFromHandler (http://localhost:3000/__cypress/runner/cypress_runner.js:16691:17)
at Promise._settlePromise (http://localhost:3000/__cypress/runner/cypress_runner.js:16736:18)
at Promise._settlePromise0 (http://localhost:3000/__cypress/runner/cypress_runner.js:16781:10)
at Promise._settlePromises (http://localhost:3000/__cypress/runner/cypress_runner.js:16861:18)
at Promise._fulfill (http://localhost:3000/__cypress/runner/cypress_runner.js:16805:18)However, the error that appears in the browser's console log may be more relevant:
spec.cy.js:36 Refused to create a worker from 'blob:http://localhost:3000/164681fb-cb4d-414b-8d35-2821c8805feb' because it violates the following Content Security Policy directie: "script-src 'unsafe-eval'". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.)
Other
Our assumption is that the changes made related to #1030 are what caused this.
Note that we have tried using the experimentalCspAllowList option and that has not addressed the issue, e.g.:
"experimentalCspAllowList": ['script-src-elem', 'script-src', 'default-src', 'form-action', 'child-src', 'frame-src']