CSP (Content Security Policy) is breaking KAR from working at all

Whenever I try to run our unit tests on our website, I get the error message:

[error] Error: call to eval() blocked by CSP

In the console.

The CSP header is set:

Content-Security-Policy: default-src ‘self’; script-src ‘self’ https://rum-static.pingdom.net https://ajax.googleapis.com https://ajax.aspnetcdn.com https://www.google-analytics.com https://ssl.google-analytics.com https://.ytimg.com https://connect.facebook.net https://graph.facebook.com https://.twitter.com https://cdn.syndication.twimg.com https://api.pinterest.com https://api.instagram.com https://platform.instagram.com; style-src ‘unsafe-inline’ ‘self’ https://fonts.googleapis.com https://platform.twitter.com https://ton.twimg.com; img-src ‘self’ data: https://www.gravatar.com https://www.google-analytics.com https://rum-collector.pingdom.net https://.facebook.com https://.twitter.com https://.twimg.com https://t.co https://www.instagram.com https://.cdninstagram.com; connect-src ‘self’ https://www.gravatar.com https://www.google-analytics.com; font-src ‘self’ data: https://fonts.gstatic.com https://fonts.googleapis.com; object-src ‘self’; media-src ‘self’; frame-src ‘self’ https://.fls.doubleclick.net https://www.youtube.com https://player.vimeo.com https://.twitter.com https://.facebook.com https://open.spotify.com; child-src ‘self’ https://.fls.doubleclick.net https://www.youtube.com https://player.vimeo.com https://.twitter.com https://.facebook.com; form-action ‘self’ https://*.twitter.com; frame-ancestors ‘self’; upgrade-insecure-requests

Does this tool work with CSP policies at all? Or do I need to look for a different unit testing solution?

Thanks

Interestingly, it seems this works in chrome but not firefox

Thank you for your feedback. There is a similar discussion here http://forum.katalon.com/discussion/6007/getting-content-security-policy-errors-now.

We’ve added this question and a workaround to the FAQ #5 https://docs.katalon.com/x/7gHR.