Change default AUT reloading and Cypress Cookie API behavior to align with cookie specifications #24094

Closed
AtofStryker opened this issue Oct 3, 2022 · 2 comments
Labels
topic: cookies 🍪 topic: cy.origin Problems or enhancements related to cy.origin command type: breaking change Requires a new major release version

Comments

@AtofStryker
Contributor

AtofStryker commented Oct 3, 2022

Current behavior

Currently, Cypress Cookie APIs do not correctly set domain on cookie values.

The default value provided for domain in the documentation isn't correct and is actually the super domain of the hostname. The reason I believe we do this is because we need to be able to set cookies in a cross-origin/same-site context, as Cypress does NOT reload the AUT when super domain origin policies match. For example:

cy.visit('http://www.foobar.com:3500')
// Do some stuff
cy.visit('http://app.foobar.com:3500')
// super domain origin policy is the same. Application will not reload to re-set top
// The spec iframe is on http://www.foobar.com:3500 but the AUT is on http://app.foobar.com:3500,
// which makes them cross-origin. In order to actually set the cookie in the browser, 
// the spec iframe MUST set the cookie on the super domain 
// as setting on the spec iframe hostname (www.foobar.com) isn't correct, 
// and it doesn't have permission to set on the AUT iframe (app.foobar.com), and the application will fail. 
cy.setCookie('foo', 'bar')
// cookie domain is foobar.com, when it should be app.foobar.com

Desired behavior

When cy.origin is released as Generally Available (GA) or close to GA, I believe we should change this behavior to the following

  • reload the app when the origin changes as opposed to super domain origin to allow cookies to be set from within the spec iframe to follow suit with the cookie specification
  • if users need to navigate to a sub domain, encourage the use of a cy.origin block, which will accurately set cookies in the spec iframe cy.origin command with the introduction of same origin spec bridges
  • fix the cookie defaults to apply the hostname as the domain instead of the superDomain
  • update remote_states to use origin policy instead of super domain origin when pushing origins onto the stack
  • change doesAUTMatchTopSuperDomainOrigin to be doesAUTMatchTopOrigin to remove the iframe source when origins do not match instead of super domain origins when triggering interactive snapshot mode.
  • update request/response middleware and server-e2e to check for origin policy match instead of super domain origin policy when checking for cross origin.
  • remove all references to super domain origin entirely within the codebase as it should no longer be used. This removes the invented term of super domain origin and hopefully discontinues its use permanently within Cypress

Test code to reproduce

See issue #23698 for setCookie behavior

Cypress Version

10.9.0

Node version

16.15.0

Operating System

macOS 12.6

Debug Logs

No response

Other

No response
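
The two comparisons and the two cookie defaults discussed in the issue above, as an added example that is not part of the original issue and not Cypress code. The helper names, the two-label super domain approximation and the host `other.foobar.com` are assumptions made for illustration.

```javascript
// Added illustration; helper names are hypothetical, not Cypress internals.

// Origin = scheme + host + port (the comparison the issue proposes to use).
function origin(url) {
  return new URL(url).origin
}

// "Super domain" approximated as the last two host labels.
// Assumption: a real implementation needs the Public Suffix List (co.uk etc.).
function superDomain(hostname) {
  return hostname.split('.').slice(-2).join('.')
}

// Scheme + super domain + port (the comparison the issue wants to retire).
function superDomainOrigin(url) {
  const u = new URL(url)
  return `${u.protocol}//${superDomain(u.hostname)}${u.port ? ':' + u.port : ''}`
}

// RFC 6265 section 5.1.3 domain matching (simplified: IP hosts not handled).
function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith('.' + cookieDomain)
}

// Which of the given URLs would receive a cookie scoped to cookieDomain.
function reach(cookieDomain, urls) {
  return urls.filter((u) => domainMatches(new URL(u).hostname, cookieDomain))
}

// Constructed sample data: the first two hosts come from the issue,
// other.foobar.com is a made-up sibling subdomain.
const SPEC = 'http://www.foobar.com:3500'
const AUT = 'http://app.foobar.com:3500'
const SIBLING = 'http://other.foobar.com:3500'
const ALL = [SPEC, AUT, SIBLING]

// Default described as current behavior: cookie domain is the super domain.
const currentDefault = superDomain(new URL(AUT).hostname)
// Default proposed in the issue: cookie domain is the AUT hostname.
const proposedDefault = new URL(AUT).hostname

console.log('same origin:', origin(SPEC) === origin(AUT))
console.log('same super domain origin:',
  superDomainOrigin(SPEC) === superDomainOrigin(AUT))
console.log('current default reaches:', reach(currentDefault, ALL))
console.log('proposed default reaches:', reach(proposedDefault, ALL))
```

With the super domain default, the cookie is in scope for every subdomain of `foobar.com`, including ones the test never visited; with the hostname default, it stays on `app.foobar.com`.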

@mjhenkes
Member

Closing in favor of: #24274
#24275

@cypress-bot
Contributor

cypress-bot bot commented Nov 10, 2022

Released in 11.0.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v11.0.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Nov 10, 2022