Feature specs sometimes fail on content security policy error, when loading hot module reload script
There's an issue where feature specs sometimes fail because the hot module reloader address is not allowed by the CSP. This happens when the hostname is changed from localhost
.
Example: gitlab#416661 (comment 1452117899)
In the test:
JSConsoleError:
Unexpected browser console output:
webpack-internal:///AjYE 15 Refused to connect to 'ws://gdk.test:3001/_hmr/' because it violates the following Content Security Policy directive: "connect-src 'self' ws://localhost localhost".
and in the UI:
Uncaught runtime errors:
ERROR
Cannot read properties of null (reading 'addEventListener')
TypeError: Cannot read properties of null (reading 'addEventListener')
Stack trace
Full example trace
1.2) Failure/Error: raise JSConsoleError, message
JSConsoleError:
Unexpected browser console output:
webpack-internal:///AjYE 15 Refused to connect to 'ws://gdk.test:3001/_hmr/' because it violates the following Content Security Policy directive: "connect-src 'self' ws://localhost localhost".
webpack-internal:///4BFc 130:13 Uncaught TypeError: Cannot read properties of null (reading 'addEventListener')
webpack-internal:///1WDD 492:22 "[webpack-dev-server]" Event
# ./spec/support/capybara.rb:220:in `block (2 levels) in <main>'
# ./spec/spec_helper.rb:444:in `block (3 levels) in <top (required)>'
# ./spec/support/sidekiq_middleware.rb:18:in `with_sidekiq_server_middleware'
# ./spec/spec_helper.rb:435:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:431:in `block (3 levels) in <top (required)>'
# ./lib/gitlab/application_context.rb:61:in `with_raw_context'
# ./spec/spec_helper.rb:431:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:268:in `block (2 levels) in <top (required)>'
# ./spec/support/system_exit_detected.rb:7:in `block (2 levels) in <main>'
# ./spec/support/database/prevent_cross_joins.rb:106:in `block (3 levels) in <main>'
# ./spec/support/database/prevent_cross_joins.rb:60:in `with_cross_joins_prevented'
# ./spec/support/database/prevent_cross_joins.rb:106:in `block (2 levels) in <main>'
To reproduce
- Set up a hostname other than
localhost
ingdk.yml
. - Ensure that
live_reload
is not set tofalse
. - Run
gdk reconfigure
if required. - Run
bin/rspec ee/spec/features/projects/new_project_spec.rb:150
in the/gitlab
directory.
Proposed solution
The content security policy comes from gitlab.yml
.
Having this line pull the hostname field from gdk.yml
might fix this issue permanently. Essentially replacing ws://localhost:*
with ws://{hostname}:*
.
Notes
I'm not sure why this only causes some specs to fail. This is probably worth investigating.
There's currently a workaround - disable the hot module reloader completely before running feature specs:
# gdk.yml
webpack:
live_reload: false
Then run gdk reconfigure
.
Edited by Tristan Read