chore: bump firefox version we test against to 141 (#32078)

* chore: bump firefox version we test against to 141

* account for unspecified sameSite which is now available in firefox 140

* fix expected error string for invalid cookie

* override FORCE_FIREFOX_CDP firefox 141

* fix cdp override in ff 141+

* maybe fix cookeie system tests? seem to time out locally

* set family as well as name

* fix system tests fore ff 141

* fix ff deprecation

* rm erroneous err param

* assume firefox is modern in cookies driver e2e test

* Update system-tests/lib/system-tests.ts

* we do still run tests against firefox 134

---------

Co-authored-by: Bill Glesias <bglesias@gmail.com>
Co-authored-by: Cacie Prins <cacieprins@users.noreply.github.com>
Co-authored-by: Cacie Prins <cacie@cypress.io>

Author: 3 people

.circleci/workflows.yml

@@ -2,7 +2,7 @@ version: 2.1
 
 chrome-stable-version: &chrome-stable-version "138.0.7204.183"
 chrome-beta-version: &chrome-beta-version "139.0.7258.66"
-firefox-stable-version: &firefox-stable-version "137.0"
+firefox-stable-version: &firefox-stable-version "141.0"
 
 orbs:
   browser-tools: circleci/browser-tools@2.1.1

cli/types/cypress.d.ts

@@ -3815,7 +3815,7 @@ declare namespace Cypress {
     validate?: () => Promise<false | void> | void
   }
 
-  type SameSiteStatus = 'no_restriction' | 'strict' | 'lax'
+  type SameSiteStatus = 'no_restriction' | 'strict' | 'lax' | 'unspecified'
 
   interface SelectFileOptions extends Loggable, Timeoutable, ActionableOptions {
     /**
@@ -3866,8 +3866,8 @@ declare namespace Cypress {
      */
     expiry: number
     /**
-     * The cookie's SameSite value. If set, should be one of `lax`, `strict`, or `no_restriction`.
-     * `no_restriction` is the equivalent of `SameSite=None`. Pass `undefined` to use the browser's default.
+     * The cookie's SameSite value. If set, should be one of `lax`, `strict`, `no_restriction`, or `unspecified`.
+     * `no_restriction` is the equivalent of `SameSite=None`. Pass `undefined` to use the browser's default ('unspecified' is the default for Firefox 140 and up).
      * Note: `no_restriction` can only be used if the secure flag is set to `true`.
      * @default undefined
      */

packages/driver/cypress/e2e/commands/cookies.cy.js

@@ -1374,10 +1374,18 @@ describe('src/cy/commands/cookies', () => {
 
       cy.setCookie('five', 'bar')
 
-      // @see https://bugzilla.mozilla.org/show_bug.cgi?id=1624668
-      // TODO(webkit): pw webkit has the same issue as firefox (no "unspecified" state), need a patched binary
-      if (Cypress.isBrowser('firefox') || Cypress.isBrowser('webkit')) {
-        cy.getCookie('five').should('include', { sameSite: 'no_restriction' })
+      // @see https://bugzilla.mozilla.org/show_bug.cgi?id=1550032
+      // Firefox bidi returns "unspecified" for sameSite;
+      // webkit & firefox < 135 return "no_restriction" for sameSite;
+      // other browsers do not return sameSite at all
+      const sameSite = (
+        (Cypress.isBrowser('firefox') && Number(Cypress.browser.majorVersion) < 135) ||
+        Cypress.isBrowser('webkit')
+      ) ? 'no_restriction' :
+        Cypress.isBrowser('firefox') ? 'unspecified' : null
+
+      if (sameSite) {
+        cy.getCookie('five').should('include', { sameSite })
       } else {
         cy.getCookie('five').should('not.have.property', 'sameSite')
       }
@@ -1515,7 +1523,7 @@ describe('src/cy/commands/cookies', () => {
           assertLogLength(this.logs, 1)
           expect(lastLog.get('error').message).to.eq(stripIndent`
             If a \`sameSite\` value is supplied to \`cy.setCookie()\`, it must be a string from the following list:
-              > no_restriction, lax, strict
+              > no_restriction, lax, strict, unspecified
             You passed:
               > bad`)
 

packages/driver/cypress/e2e/e2e/e2e_cookies.cy.js

@@ -8,7 +8,7 @@ const cleanse = (cookies) => {
   })
 }
 
-const firefoxDefaultSameSite = Cypress.isBrowser({ family: 'firefox' }) ? { sameSite: 'no_restriction' } : {}
+const firefoxDefaultSameSite = Cypress.isBrowser({ family: 'firefox' }) ? { sameSite: 'unspecified' } : {}
 
 describe('e2e cookies spec', () => {
   it('simple cookie', () => {

packages/driver/cypress/e2e/e2e/origin/cookie_login.cy.ts

@@ -192,8 +192,7 @@ describe('cy.origin - cookie login', { browser: '!webkit' }, () => {
       verifyIdpNotLoggedIn({ expectNullCookie: false })
     })
 
-    // FIXME: Currently in Firefox, the default cookie setting in the extension is no_restriction, which can be set with Secure=false.
-    it('SameSite=None -> not logged in', { browser: '!firefox' }, () => {
+    it('SameSite=None -> not logged in', () => {
       cy.origin('http://www.foobar.com:3500', { args: { username } }, ({ username }) => {
         cy.get('[data-cy="username"]').type(username)
         cy.get('[data-cy="cookieProps"]').type('SameSite=None')

packages/driver/src/cy/commands/cookies.ts

@@ -21,7 +21,7 @@ function pickCookieProps (cookie) {
 // different defaults, and Firefox lacks support for `unspecified`, so
 // `undefined` is used in lieu of `unspecified`
 // @see https://bugzilla.mozilla.org/show_bug.cgi?id=1624668
-const VALID_SAMESITE_VALUES = ['no_restriction', 'lax', 'strict']
+const VALID_SAMESITE_VALUES = ['no_restriction', 'lax', 'strict', 'unspecified']
 
 function normalizeSameSite (sameSite?: string) {
   if (_.isUndefined(sameSite)) {

packages/errors/__snapshot-html__/CDP_FIREFOX_DEPRECATED.html

@@ -1164,7 +1164,7 @@ export const AllCypressErrors = {
     return errTemplate`Still waiting to connect to ${fmt.off(_.capitalize(browserName))}, retrying in 1 second ${fmt.meta(`(attempt ${attempt}/${connectRetryThreshold})`)}`
   },
   CDP_FIREFOX_DEPRECATED: () => {
-    return errTemplate`Since Firefox 129, Chrome DevTools Protocol (CDP) has been deprecated in Firefox. In Firefox 135 and above, Cypress defaults to automating the Firefox browser with WebDriver BiDi. Cypress will no longer support CDP within Firefox in the future and is planned for removal in Cypress 15.`
+    return errTemplate`Since Firefox 129, Chrome DevTools Protocol (CDP) has been deprecated in Firefox. In Firefox 135 and above, Cypress defaults to automating the Firefox browser with WebDriver BiDi. CDP support was removed in Firefox 141. Cypress will no longer support CDP in Firefox 141+, and will be removed for older versions of Firefox in Cypress 15.`
   },
   BROWSER_PROCESS_CLOSED_UNEXPECTEDLY: (browserName: string) => {
     return errTemplate`\

packages/errors/src/errors.ts

@@ -409,25 +409,31 @@ export function clearInstanceState (options: GracefulShutdownOptions = {}) {
   }
 }
 
-function shouldUseBiDi (browser: Browser): boolean {
+function shouldUseCdp (browser: Browser): boolean {
   try {
     // Gating on firefox version 135 to turn on BiDi as this is when all of our internal Cypress tests were able to pass.
-    return (browser.family === 'firefox' && !process.env.FORCE_FIREFOX_CDP && Number(browser.majorVersion) >= 135)
+    // CDP is not supported in Firefox 141+, so we always use BiDi for FF141+.
+    return (
+      browser.family === 'firefox' && (
+        Number(browser.majorVersion) < 135 ||
+        (Number(browser.majorVersion) < 141 && !!process.env.FORCE_FIREFOX_CDP)
+      )
+    )
   } catch (err: unknown) {
     return false
   }
 }
 
 export async function connectToNewSpec (browser: Browser, options: BrowserNewTabOpts, automation: Automation) {
-  if (shouldUseBiDi(browser)) {
+  if (shouldUseCdp(browser)) {
+    debug('connectToNewSpec cdp')
+    await firefoxUtil.connectToNewSpecCDP(options, automation, browserCriClient!)
+  } else {
     debug('connectToNewSpec bidi')
     await firefoxUtil.connectToNewSpecBiDi(options, automation, browserBidiClient!)
 
     debug('registering middleware')
     automation.use(browserBidiClient!.automationMiddleware)
-  } else {
-    debug('connectToNewSpec cdp')
-    await firefoxUtil.connectToNewSpecCDP(options, automation, browserCriClient!)
   }
 }
 
@@ -450,9 +456,10 @@ async function recordVideo (videoApi: RunModeVideoApi) {
 }
 
 export async function open (browser: Browser, url: string, options: BrowserLaunchOpts, automation: Automation): Promise<BrowserInstance> {
-  const USE_WEBDRIVER_BIDI = shouldUseBiDi(browser)
+  const USE_WEBDRIVER_BIDI = !shouldUseCdp(browser)
 
-  if (!USE_WEBDRIVER_BIDI) {
+  // Even if the user has set FORCE_FIREFOX_CDP, we override this and use BiDi in FF141+
+  if (!USE_WEBDRIVER_BIDI || (USE_WEBDRIVER_BIDI && !!process.env.FORCE_FIREFOX_CDP)) {
     errors.warning('CDP_FIREFOX_DEPRECATED')
   }
 
@@ -620,6 +627,8 @@ export async function open (browser: Browser, url: string, options: BrowserLaunc
 
   debug('launch in firefox', { url, args: launchOptions.args })
 
+  const { FORCE_FIREFOX_CDP, ...launchEnvs } = process.env
+
   const geckoDriverOptions: GeckodriverParameters = {
     host: '127.0.0.1',
     // geckodriver port is assigned under the hood by @wdio/utils
@@ -636,7 +645,7 @@ export async function open (browser: Browser, url: string, options: BrowserLaunc
       stdio: ['ignore', 'pipe', 'pipe'],
       env: {
         ...BROWSER_ENVS,
-        ...process.env,
+        ...launchEnvs,
       },
     },
     jsdebugger: Debug.enabled(GECKODRIVER_DEBUG_NAMESPACE_VERBOSE) || false,

packages/server/lib/browsers/firefox.ts

@@ -227,9 +227,10 @@ export class SocketBase {
 
           debug('automation:client connected')
 
+          debug('cdp forced for firefox?', !!process.env.FORCE_FIREFOX_CDP && Number(options.getCurrentBrowser()?.majorVersion) < 141)
           // only send the necessary config
           automationClient.emit('automation:config', {
-            IS_CDP_FORCED_FOR_FIREFOX: !!process.env.FORCE_FIREFOX_CDP,
+            IS_CDP_FORCED_FOR_FIREFOX: !!process.env.FORCE_FIREFOX_CDP && Number(options.getCurrentBrowser()?.majorVersion) < 141,
           })
 
           // if our automation disconnects then we're