Friday, January 31, 2020

Using Selenium to automate duo authentication, but the chrome webdriver gets CSP error

I'm trying to automate the process of logging into my university account using Selenium and Python. My university uses Duo Multi-Factor logon. When I get to the Duo authentication page, the Duo iframe should prompt for the u2f Security stored on my computer, but it is not doing that.

Opening up the chrome webdriver console, I could see the error thrown:

Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-aqNNdDLnnrDOnTNdkJpYlAxKVJtLt9CtFLklmInuUAE='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

For the record, carrying out the same Duo authentications in the normal Chrome does not produce the problem. I have searched extensively for the remedy of this error. Most seem to suggest the bypassing of CSP, which I cannot do since I could not edit the contents of the university authentication page.

I have tested the ability of the Chrome driver (controlled by selenium) to invoke the u2f extension of chrome, since other websites seem to work well. From the second error thrown

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null'). (anonymous) @ prompt.js?v=16c0d:5 func._wrapped @ errors.js?v=65ffc:67

it seems to suggest that the iframe for Duo authentication is not properly loaded, which could result from the previous error.

My question is why does using selenium and Chrome webdriver cause this CSP error?

I'm still quite new to web development, so I might be missing some information. If someone experienced could offer their intuition on this problem, I would try it out!

Additional information:

The file that the CSP error is thrown from is the JavaScript file that prompts Duo authentication. In particular, it is thrown at the iframe.setAttribute method.

    u2f.getIframePort_ = function (callback) {
        var iframeOrigin = "chrome-extension://" + u2f.EXTENSION_ID,
            iframe = document.createElement("iframe");
        iframe.src = iframeOrigin + "/u2f-comms.html";
        // The CSP error is reported at this call: it applies an inline style.
        iframe.setAttribute("style", "display:none");
        document.body.appendChild(iframe);
        var channel = new MessageChannel;
        channel.port1.addEventListener("message", function ready(message) {
            "ready" == message.data
                ? (channel.port1.removeEventListener("message", ready), callback(channel.port1))
                : console.error('First event on iframe port was not "ready"');
        });
        channel.port1.start();
        iframe.addEventListener("load", function () {
            iframe.contentWindow.postMessage("init", iframeOrigin, [channel.port2]);
        });
    };
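
The console message above notes that 'style-src' is not set, so 'default-src' decides whether the inline style from iframe.setAttribute("style", ...) may be applied. The following is an added example, not code from the original post or from Duo, that models how a CSP Level 3 browser resolves that fallback for a style attribute. The function names are hypothetical, the sample policies are constructed, and only sha256 hashes are handled.

```javascript
const crypto = require('crypto');

// Parse a CSP header value into Map<directive, sources[]>; a repeated directive is ignored.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// Directives consulted, in order, for a style="" attribute (CSP Level 3).
const STYLE_ATTR_CHAIN = ['style-src-attr', 'style-src', 'default-src'];

// Hypothetical helper: may `styleText` be applied as an inline style attribute?
function checkStyleAttribute(header, styleText) {
  const policy = parseCsp(header);
  const directive = STYLE_ATTR_CHAIN.find((d) => policy.has(d)) || null;
  if (!directive) return { allowed: true, directive }; // no directive governs styles
  const sources = policy.get(directive);
  const has = (kw) => sources.some((s) => s.toLowerCase() === kw);
  // A nonce or hash in the list makes the browser ignore 'unsafe-inline'.
  const hasNonceOrHash = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/i.test(s));
  if (has("'unsafe-inline'") && !hasNonceOrHash) return { allowed: true, directive };
  // An attribute can only match a hash when 'unsafe-hashes' is also present.
  const digest = crypto.createHash('sha256').update(styleText).digest('base64');
  const allowed = has("'unsafe-hashes'") && sources.includes(`'sha256-${digest}'`);
  return { allowed, directive };
}

// Constructed sample policies; the first is the directive quoted in the console error.
const samples = [
  "default-src 'self'",
  "default-src 'self'; style-src 'unsafe-inline'",
  "default-src 'self'; style-src 'self'; style-src-attr 'unsafe-inline'",
  "default-src 'self'; style-src 'unsafe-inline' 'nonce-abc123'",
];
for (const csp of samples) {
  console.log(csp, '=>', checkStyleAttribute(csp, 'display:none'));
}
```

With only "default-src 'self'" in force, the check reports the style attribute as blocked by default-src, which matches the fallback described in the error message.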