Cli stuck, does not exit

[marcuslindblom]

I use 4.1.4 and when I test my page the cli just hangs with this message.

Running axe-core 4.1.4 in chrome-headless
Testing https://nimbleinitiatives.com ... please wait, this may take a minute.

I tried the verbose flag but nothing happens. Is it possible to debug and see what happens?

[marcuslindblom]

It seems to happen when the page does not have any errors

[Elte156]

I have the same issue in my CI/CD job.

$ axe example.com --chrome-options "no-sandbox" --timer --exit
Running axe-core 4.0.2 in chrome-headless

Testing https://example.com ... please wait, this may take a minute.

Too long with no output (exceeded 10m0s): context deadline exceeded

My CI/CD job expires because no output occurs from the axe cli.

If I curl the page first into a HTML file:

$ curl https://example.com --connect-timeout 10 --output test.html
$ axe file:///axe/test.html --chrome-options "no-sandbox" --timer --exit
Running axe-core 4.0.2 in chrome-headless

Testing file:///axe/test.html ... please wait, this may take a minute.
(node:43) Warning: Label 'page load time' already exists for console.time()
(Use `node --trace-warnings ...` to show where the warning was created)
axe-core execution time: 2.383s

  Violation of "color-contrast" with 1 occurrences!
    Ensures the contrast between foreground and background colors meets WCAG 2 AA contrast ratio thresholds. Correct invalid elements at:
     - iframe[title="reCAPTCHA"] .rc-anchor-center-item
    For details, see: https://dequeuniversity.com/rules/axe/4.0/color-contrast

1 Accessibility issues detected.

Total test time: 3.021s

Please note that only 20% to 50% of all accessibility issues can automatically be detected. 
Manual testing is always required. For more information see:
https://dequeuniversity.com/curriculum/courses/testingmethods


Exited with code exit status 1

Seems to be an issue with the webdriver reaching out and loading the url.

[marcuslindblom]

@Elte156 I also have a CSP in place so I think we have the exact same issue. If I understand correctly this fix just issue the timeout?

[Elte156]

@Elte156 I also have a CSP in place so I think we have the exact same issue. If I understand correctly this fix just issue the timeout?

Correct @marcuslindblom. The PR will at least exit, which presents the opportunity to give error feedback, instead of just hanging.

I found that if you use the CSP header that I described in the PR, AXE will be compatible with the rest of your CSP and process the page.

[marcuslindblom]

Ok, setting the CSP to unsafe is not an option for me so I guess I have to wait for an other fix 👍🏻

[Elte156]

@marcuslindblom I understand.

I got around this by having more lenient CSP rule sets in lower environments like local, test, and beta. Then I just test with AXE-cli without issue.

The axe puppeteer package mentions this toggle setBypassCSP to overcome the CSP issues.
https://github.com/dequelabs/axe-core-npm/blob/develop/packages/puppeteer/README.md#bypassing-content-security-policy
So I figured I'd sort of do the same during testing.

axe-core-npm/packages/cli/src/lib/axe-test-urls.ts

Lines 34 to 36 in a9e7921

	const script = document.createElement('script');
	script.innerHTML = 'document.documentElement.classList.add("deque-axe-is-ready");'
	document.documentElement.appendChild(script);

I believe this is what a strict CSP header (script-scr) does not like and will block AXE from continuing.

Are there any more instances where AXE needs to inject itself into the page?
I wonder if there is an alternative to the script injection, to determine if axe is ready.