Skip to content

fix(snapshot): support no-unsafe-eval CSP by evaluating snapshot files outside the tester#10665

Draft
hi-ogawa wants to merge 1 commit into
vitest-dev:mainfrom
hi-ogawa:snapshot-csp-server-eval
Draft

fix(snapshot): support no-unsafe-eval CSP by evaluating snapshot files outside the tester#10665
hi-ogawa wants to merge 1 commit into
vitest-dev:mainfrom
hi-ogawa:snapshot-csp-server-eval

Conversation

@hi-ogawa

@hi-ogawa hi-ogawa commented Jun 26, 2026

Copy link
Copy Markdown
Collaborator

Description

pushing changes before I (and agent) forget my review context of #10646

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. If the feature is substantial or introduces breaking changes without a discussion, PR might be closed.
  • Ideally, include a test that fails without this PR but passes with it.
  • Please, don't make changes to pnpm-lock.yaml unless you introduce a new test example.
  • Please check Allow edits by maintainers to make review process faster. Note that this option is not available for repositories that are owned by Github organizations.

Tests

  • Run the tests with pnpm test:ci.

Documentation

  • If you introduce new functionality, document it. You can run documentation with pnpm run docs command.

Changesets

  • Changes in changelog are generated from PR name. Please, make sure that it explains your changes in an understandable manner. Please, prefix changeset messages with feat:, fix:, perf:, docs:, or chore:.

@hi-ogawa
fix(snapshot): support no-unsafe-eval CSP by evaluating snapshot file…
7bed7d3 
…s outside the tester

Add an optional `readSnapshotFileData` to `SnapshotEnvironment` so environments
that cannot evaluate snapshot content in the test runtime (e.g. the browser under
a `no-unsafe-eval` CSP) can evaluate it elsewhere. `SnapshotState.create` provides
the general default inline: it reads and evaluates the file in the current runtime
when the environment does not implement the method. The browser is the only
environment that overrides it, delegating to the server over RPC.

Replace the silent `getSnapshotData` eval with `evaluateSnapshotFile`, which throws
a hard error on corrupted snapshot files instead of swallowing it.

Co-authored-by: OpenCode (claude-opus-4-8) <noreply@opencode.ai>
@netlify

netlify Bot commented Jun 26, 2026

Copy link
Copy Markdown

Deploy Preview for vitest-dev ready!

Built without sensitive environment variables

Name Link
🔨 Latest commit 7bed7d3
🔍 Latest deploy log https://app.netlify.com/projects/vitest-dev/deploys/6a3dfa15335d8300081eeff3
😎 Deploy Preview https://deploy-preview-10665--vitest-dev.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

getSnapshotData swallows the parse error, making snapshot failures impossible to debug

1 participant

@hi-ogawa