'Unrecognized Content-Security-Policy directive “reflected-xss'” error related to PayPal generated via chromedriver

问题

For some reasons our continuous integration tests have failed since 7 feb 2017(Tue).

The log are generated via https://github.com/SeleniumHQ/selenium/wiki/JsonWireProtocol#user-content-log-entry-json-object

I have used chromium 56.0.2924.87-1
ChromeDriver 2.25

            [1] => Array
                (
                    [level] => SEVERE
                    [message] => https://www.sandbox.paypal.com/signin/inject/?stsRedirectUri=https%3A%2F%2Fwww.sandbox.paypal.com%2Fcheckoutnow%2F2&country.x=US&locale.x=en_US&returnUri=https%3A%2F%2Fwww.sandbox.paypal.com%2Fcheckoutnow%2F2&state=%3Fflow%3D1-P%26token%3DEC-5N74679848773161E%26useraction%3Dcommit&flowId=EC-5N74679848773161E&correlationId=c2516170ad8f6&flowContextData=d-T_d1elACFNiXhhfk4mio6Sh6WWFGmbOuXXROs9tP7rjABQARmehjUHUAKHiCRWrplD4ufu0B8WDTklRnEubKC-FY90pbF_e3y0S5fNbCjSjKyO8meAs7IsOC0&rememberMe=true - Unrecognized Content-Security-Policy directive 'reflected-xss'.

                    [timestamp] => 1486491911470
                )

            [2] => Array
                (
                    [level] => SEVERE
                    [message] => about:blank - Unrecognized Content-Security-Policy directive 'reflected-xss'.

                    [timestamp] => 1486491911554
                )

            [3] => Array
                (
                    [level] => SEVERE
                    [message] => about:blank - Unrecognized Content-Security-Policy directive 'reflected-xss'.

                    [timestamp] => 1486491911554
                )

            [4] => Array
                (
                    [level] => SEVERE
                    [message] => https://www.paypalobjects.com/web/res/069/67a0e1f4befbbcfdd8dc1dfb1f35b/js/app.js 47 Unrecognized Content-Security-Policy directive 'reflected-xss'.

                    [timestamp] => 1486491911899
                )

            [5] => Array
                (
                    [level] => SEVERE
                    [message] => https://www.paypalobjects.com/web/res/069/67a0e1f4befbbcfdd8dc1dfb1f35b/js/app.js 47 Unrecognized Content-Security-Policy directive 'reflected-xss'.

                    [timestamp] => 1486491911899
                )

Can I fix the problem on my side ?

回答1:

Chrome has deprecated this CSP in versions 56 and newer

https://www.chromestatus.com/feature/5769374145183744

It would be up to the site you're actually visiting to apply headers correctly, so not something you can control from your client side tests.

回答2:

Downgrade to chromium-55.0.2883.87-1 (ChromeDriver 2.24 ) helps me

来源：https://stackoverflow.com/questions/42107485/unrecognized-content-security-policy-directive-reflected-xss-error-related-t