feat: respect explicit allowedOrigins configurations #255
Conversation
| @@ -27,7 +27,7 @@ describe('doc-dylang.html', function () { | |||
| before(async function () { | |||
| // const app: express.Application = express() | |||
| const app: express.Application = express(); | |||
| app.use(express.static(path.resolve(__dirname, '..', 'fixtures'))); | |||
| app.use(express.static(path.resolve(__dirname, '..', 'fixtures'))); | |||
There was a problem hiding this comment.
The formatting changes to the existing tests were recommended by npm run fmt when I ran it as part of validating the new test
There was a problem hiding this comment.
👍 from me. I thought it was odd that we weren't allowing this to be configurable elsewhere. Will need an OK from Micheal tho.
|
We are working on features for axe-core 4.3 which will make allowedOrigins irrelevant for Selenium / Puppeteer. We did not add For axe-core 4.2 there are a few options available to let you configure what frames run. You can exclude specific frames, or all frames using the |
|
Thanks for sharing that, Wilco! We'll pursue a workaround until the 4.3 changes are available. |
#240 included a change to have the assorted integration libraries configure a default
allowedOriginspolicy, but in doing so, it overrides any explicitly-configuredallowedOriginssettings configured by a library consumer. We have an@axe-core/puppeteerconsumer (https://github.com/microsoft/accessibility-insights-service) where we'd like to be able to override the default policy; this PR implements that support by moving the configure call which sets the default to before the configure call with user-provided configuration.Our team technically only needs this for
@axe-core/puppeteer, but for consistency's sake I've included similar changes in each of the integration libraries which already included support for arbitraryconfigurecalls (puppeteer, react, webdriverjs, but not webdriverio, since it doesn't appear to support an arbitrary configure spec).We'd really appreciate if this could get in for the 4.2.1 release (@michael-siek , it looks like you're running this?) - we'd like to be able to use
allowedOriginsas part of picking up v4.2.x if possible.