Update error message to be more specific about same-origin policy

[jennifer-shehane]

• Closes visiting https then http of same subdomain fails saying you can only visit a single unique domain per test #6048

User facing changelog

The error messages displayed when rerouting to a non same-origin domain has been updated to more accurately reflect the rules around same-origin policy.

Additional details

The test below fails in Cypress (this is as designed). The problem is that the error message says you can only visit the same superdomain, so users are like....uh....these are the same superdomain.

it('visit https after http subdomain', () => {
  cy.visit('https://www.cypress.io')
  cy.visit('http://docs.cypress.io') // fails
})

The actual same-origin policy qualifies that two URLs have the same origin if the protocol, port (if specified), and host are the same. So the error message is now more specific about this and will link to a better written doc also.

How has the user experience changed?

Before (cross origin error)

After (cross origin error)

Before (visit error)

After (visit error)

When different protocol

When different port

When different superdomain

When all different

PR Tasks

• Have tests been added/updated?
• Has the original issue been tagged with a release in ZenHub?
• Has a PR for user-facing changes been opened in cypress-documentation? Update mention of 'single domain' to be more specific about 'cross-origin' cypress-documentation#2364
• [NA] Have API changes been updated in the type definitions?
• [NA] Have new configuration options been added to the cypress.schema.json?

[cypress-bot]

Thanks for the contribution! Below are some guidelines Cypress uses when doing PR reviews.

• Please write [WIP] in the title of your Pull Request if your PR is not ready for review - someone will review your PR as soon as the [WIP] is removed.
• Please familiarize yourself with the PR Review Checklist and feel free to make updates on your PR based on these guidelines.

PR Review Checklist

If any of the following requirements can't be met, leave a comment in the review selecting 'Request changes', otherwise 'Approve'.

User Experience

• The feature/bugfix is self-documenting from within the product.
• The change provides the end user with a way to fix their problem (no dead ends).

Functionality

• The code works and performs its intended function with the correct logic.
• Performance has been factored in (for example, the code cleans up after itself to not cause memory leaks).
• The code guards against edge cases and invalid input and has tests to cover it.

Maintainability

• The code is readable (too many nested 'if's are a bad sign).
• Names used for variables, methods, etc, clearly describe their function.
• The code is easy to understood and there are relevant comments explaining.
• New algorithms are documented in the code with link(s) to external docs (flowcharts, w3c, chrome, firefox).
• There are comments containing link(s) to the addressed issue (in tests and code).

Quality

• The change does not reimplement code.
• There's not a module from the ecosystem that should be used instead.
• There is no redundant or duplicate code.
• There are no irrelevant comments left in the code.
• Tests are testing the code’s intended functionality in the best way possible.

Internal

• The original issue has been tagged with a release in ZenHub.

[cypress]

---

Test summary

6946 • 0 • 97 • 0

---

Run details

Project	cypress
Status	Passed
Commit	a75221a
Started	Feb 24, 2020 7:22 AM
Ended	Feb 24, 2020 7:27 AM
Duration	05:25 💡
OS	Linux Debian - 9.11
Browser	Multiple

View run in Cypress Dashboard ➡️

---

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

[flotwig]

The actual same-origin policy qualifies that two URLs have the same origin if the protocol, port (if specified), and host are the same. So the error message is now more specific about this and will link to a better written doc also.

Can we mention this in the error somehow? I feel like this is the most important information for the user to understand the error, and yet it is not mentioned anywhere in the error.

[flotwig]

The actual same-origin policy qualifies that two URLs have the same origin if the protocol, port (if specified), and host are the same. So the error message is now more specific about this and will link to a better written doc also.

Can we mention this in the error somehow? I feel like this is the most important information for the user to understand the error, and yet it is not mentioned anywhere in the error.

[jennifer-shehane]

@flotwig OK! I updated this again off of Brian's suggestion. A new specific error will show for each scenario - so different messages for if different port, protocol, or superdomain.

[flotwig]

maybe this could be improved to be a little more natural-sounding with 1 item, but eh, this is probably clear enough. what do you think? here's what i mean, with 1 list item it sounds like this:

The new URL is considered a different origin because the following parts of the URL are different: port

[jennifer-shehane]

The error messages aren't great to work with as are and need the error improvements PR to make this a function which could actually be manipulated easier to write this more natural. So, this is good as is.

[flotwig]

nice

[jennifer-shehane]

Updated the 'differences' to be indented as well as the urls for better readability off of @brian-mann suggestions.