Hi,

I am adding a WebDriver BiDi command to allow bypassing CSPs during automated testing (w3c/webdriver-bidi#1033). A use case from our users is that a script might change during development and they want to still be able to load it without changing the nonce. Or they want to dynamically inject resources during tests only.

The browsingContext.setCSPBypass command in the BiDi spec will allow configure bypassing CSP for specific browsing contexts or user contexts. The BiDi spec will then export an algorithm WebDriver BiDi CSP bypass is enabled which takes a navigable as parameter and returns a boolean.

I have found several enforcement points in the CSP3 spec where we could add calls to the BiDi hook (eg should request be blocked, should response be blocked, should navigation be blocked etc...). The pattern would be to retrieve the corresponding navigable for each enforcement point, call the BiDi hook for this navigable, and if it returns true skip the enforcement.

I will propose a PR shortly to illustrate, but if you have other suggestions on how this could work (or questions about the change in general) let me know.