Thursday, 7 July 2016

How did Selenium RC handle same origin policy problem?


Problem:
The Same Origin Policy, a restriction on cross-site script access, is a browser security policy.

Same Origin policy prohibits JavaScript code from accessing elements from a domain that is different from where it was launched.

Example 1: The HTML code in www.google.com uses a JavaScript program "testScript.js". The same origin policy will only allow testScript.js to access pages within google.com such as google.com/mail, google.com/login, or google.com/signup. However, it cannot access pages from different sites such as yahoo.com/search or fbk.com because they belong to different domains.




Example 2: The browser gets a script from Selenium that tells it to fetch resources from http://google.com. But the browser got this script from http://localhost:4444/selenium (for example). The browser says, "Hey, this script came from localhost and now it's requesting a resource from some outside website." This violates the same origin policy.

Solution:

So, in order to handle the same origin policy, Selenium Remote Control was introduced.






In Detail:
So, how did Selenium RC handle this? To overcome this security restriction,
Selenium RC acts as an HTTP proxy server. When the test script asks to launch
a browser, the Selenium RC server launches the browser and injects its
JavaScript (Selenium Core) into it. All subsequent requests for the application
under test (AUT) go through Selenium RC, acting as an HTTP proxy server, to the
actual web server hosting the AUT. This makes the browser think that the web
application is being served from the Selenium RC server's domain rather than
the actual web server's domain, which allows Selenium Core to execute and drive
the web application.
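
The origin comparison from Examples 1 and 2, together with a simplified model of the proxy arrangement, written as an added example that is not code from the original post or from Selenium. The reserved path `/selenium-server/` and all function names are assumptions made for illustration: the proxy answers that path itself and forwards everything else, so the injected script and the application share one origin as the browser sees it.

```javascript
// Added example: same-origin check and a simplified proxy model.
// RESERVED_PATH and the function names are illustrative assumptions.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// An origin is the (scheme, host, port) triple of a URL.
function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}:${u.port || DEFAULT_PORTS[u.protocol]}`;
}

// The browser lets a script touch a page only if both origins match.
function sameOrigin(scriptUrl, pageUrl) {
  return originOf(scriptUrl) === originOf(pageUrl);
}

// Hypothetical proxy routing: requests under RESERVED_PATH are answered
// by the proxy itself (the injected test script); all other requests are
// forwarded to the real web server. The browser only ever sees the URL it
// asked for, so it computes the origin from that URL, not from who replied.
const RESERVED_PATH = '/selenium-server/';

function proxyRoute(requestUrl) {
  const u = new URL(requestUrl);
  const local = u.pathname.startsWith(RESERVED_PATH);
  return {
    answeredBy: local ? 'proxy' : `upstream:${u.host}`,
    origin: originOf(requestUrl),
  };
}

// Constructed sample URLs based on the post's two examples.
function demo() {
  const page = 'http://google.com/mail';
  const direct = 'http://localhost:4444/selenium';          // Example 2
  const viaProxy = 'http://google.com/selenium-server/core.js';
  return {
    withoutProxy: sameOrigin(direct, page),   // script blocked
    withProxy: sameOrigin(viaProxy, page),    // script may drive the page
    scriptServedBy: proxyRoute(viaProxy).answeredBy,
    pageServedBy: proxyRoute(page).answeredBy,
  };
}

console.log(demo());
```

Because the browser trusts the URL rather than the responder, any proxy placed in this position can put its own script into every origin it relays, which is why such a proxy belongs only in a test environment.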
