This question is related to my other question - How to open a chrome trace file with ui.perfetto.dev non interactively?
I am attempting to open the trace events by navigating to the following url:
https://www.ui.perfetto.dev/#!/viewer?url=file://127.0.0.1/c:/Temp/events.json
However the document's Content Security Policy fails the call to fetch(url):
Refused to connect to 'file://127.0.0.1/C:/Temp/events.json' because it violates the document's Content Security Policy.
So, I would like to open a chrome window with disabled CSP. Ideally this window would not be used for anything else, but if it is not possible to enforce it, I am fine with it being a security hole if reused for other purposes. I can live with that.
I tried running chrome like this:
& $ChromeExe "https://www.ui.perfetto.dev/#!/viewer?url=file://127.0.0.1/c:/Temp/events.json" --disable-web-security --user-data-dir=c:\Temp\events
To no avail. The same document's CSP violation error message appears in the output. I do not think --disable-web-security is relevant for CSP at all, according to https://peter.sh/experiments/chromium-command-line-switches/ it has to do with CORS rather than CSP.
How can this be done?
Unfortunately (or actually, fortunately) a browser cannot open file:// URLs (if it could, it would be a nightmare for web security).
In order to achieve what you want, spawn a local HTTP server and use the ?url= argument (see my reply to How to open a chrome trace file with ui.perfetto.dev non interactively?)