fix: re include document domain injections for spec-bridge and inject…

…ion and disable origin-agent-cluster (#25013) * Revert "chore: remove document.domain usage for cross-origin testing (#24945)" This reverts commit a3d3074. * fix: set origin-agent-cluster=?0 for the spec bridge iframe * re apply comment that was reverted in 1fa1246 * Update packages/server/lib/routes-e2e.ts Co-authored-by: Matt Schile <mschile@cypress.io> * chore: update document.domain immutable target from chrome 106 -> chrome 109 Co-authored-by: Matt Schile <mschile@cypress.io>
cypress-io · Dec 6, 2022 · ca01e29 · ca01e29 · cypress-bot · Dec 6, 2022
1 parent afb66ab
commit ca01e29
Show file tree

Hide file tree

Showing 9 changed files with 33 additions and 11 deletions.
diff --git a/packages/driver/src/cypress.ts b/packages/driver/src/cypress.ts
@@ -180,10 +180,9 @@ class $Cypress {
   configure (config: Record<string, any> = {}) {
     const domainName = config.remote ? config.remote.domainName : undefined
 
-    // set domainName but allow us to turn off this feature in testing. not
-    // needed for cross-origin spec bridge, since it is strictly used
-    // same-origin
-    if (domainName && !this.isCrossOriginSpecBridge && config.testingType === 'e2e') {
+    // set domainName but allow us to turn
+    // off this feature in testing
+    if (domainName && config.testingType === 'e2e') {
       document.domain = domainName
     }
 

diff --git a/packages/proxy/lib/http/response-middleware.ts b/packages/proxy/lib/http/response-middleware.ts
@@ -301,7 +301,7 @@ const SetInjectionLevel: ResponseMiddleware = function () {
   }
 
   if (this.res.wantsInjection) {
-    // Chrome plans to make document.domain immutable in Chrome 106, with the default value
+    // Chrome plans to make document.domain immutable in Chrome 109, with the default value
     // of the Origin-Agent-Cluster header becoming 'true'. We explicitly disable this header
     // so that we can continue to support tests that visit multiple subdomains in a single spec.
     // https://github.com/cypress-io/cypress/issues/20147

diff --git a/packages/proxy/lib/http/util/inject.ts b/packages/proxy/lib/http/util/inject.ts
@@ -28,11 +28,13 @@ export function full (domain) {
   })
 }
 
-export async function fullCrossOrigin (options: FullCrossOriginOpts) {
+export async function fullCrossOrigin (domain, options: FullCrossOriginOpts) {
   const contents = await getRunnerCrossOriginInjectionContents()
 
   return oneLine`
     <script type='text/javascript'>
+      document.domain = '${domain}';
+
       (function (cypressConfig) {
         ${contents}
       }(${JSON.stringify(options)}));

diff --git a/packages/proxy/lib/http/util/rewriter.ts b/packages/proxy/lib/http/util/rewriter.ts
@@ -42,7 +42,7 @@ function getHtmlToInject (opts: InjectionOpts & SecurityOpts) {
     case 'full':
       return inject.full(domainName)
     case 'fullCrossOrigin':
-      return inject.fullCrossOrigin({
+      return inject.fullCrossOrigin(domainName, {
         modifyObstructiveThirdPartyCode,
         modifyObstructiveCode,
         simulatedCookies,

diff --git a/packages/server/lib/controllers/iframes.ts b/packages/server/lib/controllers/iframes.ts
@@ -32,7 +32,7 @@ export const iframesController = {
       extraOptions,
     })
 
-    // Chrome plans to make document.domain immutable in Chrome 106, with the default value
+    // Chrome plans to make document.domain immutable in Chrome 109, with the default value
     // of the Origin-Agent-Cluster header becoming 'true'. We explicitly disable this header
     // so that we can continue to support tests that visit multiple subdomains in a single spec.
     // https://github.com/cypress-io/cypress/issues/20147

diff --git a/packages/server/lib/html/spec-bridge-iframe.html b/packages/server/lib/html/spec-bridge-iframe.html
@@ -5,6 +5,9 @@
     <title>{{title}}</title>
   </head>
   <body>
+    <script type="text/javascript">
+      document.domain = '{{domain}}';
+    </script>
     <script src="/{{namespace}}/runner/cypress_cross_origin_runner.js"></script>
   </body>
 </html>
diff --git a/packages/server/lib/routes-e2e.ts b/packages/server/lib/routes-e2e.ts
@@ -98,6 +98,13 @@ export const createRoutesE2E = ({
   routesE2E.get('/__cypress/spec-bridge-iframes', (req, res) => {
     debug('handling cross-origin iframe for domain: %s', req.hostname)
 
+    // Chrome plans to make document.domain immutable in Chrome 109, with the default value
+    // of the Origin-Agent-Cluster header becoming 'true'. We explicitly disable this header
+    // in the spec-bridge-iframe to allow setting document.domain to the bare domain
+    // to guarantee the spec bridge can communicate with the injected code.
+    // @see https://github.com/cypress-io/cypress/issues/25010
+    res.setHeader('Origin-Agent-Cluster', '?0')
+
     files.handleCrossOriginIframe(req, res, config.namespace)
   })
 

diff --git a/packages/server/lib/routes.ts b/packages/server/lib/routes.ts
@@ -80,7 +80,7 @@ export const createCommonRoutes = ({
   router.get(clientRoute, (req: Request & { proxiedUrl?: string }, res) => {
     const nonProxied = req.proxiedUrl?.startsWith('/') ?? false
 
-    // Chrome plans to make document.domain immutable in Chrome 106, with the default value
+    // Chrome plans to make document.domain immutable in Chrome 109, with the default value
     // of the Origin-Agent-Cluster header becoming 'true'. We explicitly disable this header
     // so that we can continue to support tests that visit multiple subdomains in a single spec.
     // https://github.com/cypress-io/cypress/issues/20147

diff --git a/packages/server/test/integration/http_requests_spec.js b/packages/server/test/integration/http_requests_spec.js
@@ -322,6 +322,17 @@ describe('Routes', () => {
       })
     })
 
+    it('correctly sets the "origin-agent-cluster" to opt in to setting document.domain on spec bridge iframes', function () {
+      return this.rp('http://localhost:2020/__cypress/spec-bridge-iframes')
+      .then((res) => {
+        expect(res.statusCode).to.eq(200)
+
+        expect(res.body).to.match(/document.domain = \'localhost\'/)
+
+        expect(res.headers['origin-agent-cluster']).to.eq('?0')
+      })
+    })
+
     it('sets title to projectName', function () {
       return this.rp('http://localhost:2020/__')
       .then((res) => {
@@ -2651,7 +2662,7 @@ describe('Routes', () => {
         })
       })
 
-      it('does not inject document.domain on AUT iframe requests that do not match current superDomain', function () {
+      it('injects document.domain on AUT iframe requests that do not match current superDomain', function () {
         nock('http://www.foobar.com')
         .get('/')
         .reply(200, '<html><head></head><body>hi</body></html>', {
@@ -2671,7 +2682,7 @@ describe('Routes', () => {
 
           const body = cleanResponseBody(res.body)
 
-          expect(body).not.to.include('document.domain =')
+          expect(body).to.include(`<html><head> <script type='text/javascript'> document.domain = 'foobar.com';`)
         })
       })