feat: same origin spec bridges

[AtofStryker]

• Closes Force cy.origin to use same origin instead of same super domain origin #23999
• Closes Can't reach to redirected page by the cy.origin() or by 3rd party authentication request when using Chrome browser #23814
• Closes cy.origin() not working when the application redirects to external origin  #24085
• Closes Error when logging into Google Docs #22882
• Closes attempt to log into gmail account, got "Cookies are disabled" warning #17166 (in tandem with feat: Improve simulated top cookie handling #23872)

User facing changelog

cy.origin's url argument must be an exact origin match to the origin of the AUT

Additional details

In order to support google authentication within cy.origin and eliminate inconsistencies, we are moving away from same super domain origin spec bridge to strictly same origin spec bridges. This solves a few issues we have been running into with origin policy and introduces a breaking change into

Steps to test

How has the user experience changed?

PR Tasks

• Have tests been added/updated?
• Has the original issue (or this PR, if no issue exists) been tagged with a release in ZenHub? (user-facing changes only)
• Has a PR for user-facing changes been opened in cypress-documentation? After looking at the documentation, all of our examples actually use same origin spec bridges 😄
• Have API changes been updated in the type definitions?

[cypress-bot]

Thanks for taking the time to open a PR!

• Create a Draft Pull Request if your PR is not ready for review. Mark the PR as Ready for Review when you're ready for a Cypress team member to review the PR.
• Become familiar with the Code Review Checklist for guidelines on coding standards and what needs to be done before a PR can be merged.

[cypress]

---

Test summary

4121 • 0 • 350 • 0 • 0

---

Run details

Project	cypress
Status	Passed
Commit	15d2ada
Started	Oct 4, 2022 10:08 PM
Ended	Oct 4, 2022 10:20 PM
Duration	12:05 💡
OS	Linux Debian - 11.4
Browser	Electron 106

View run in Cypress Dashboard ➡️

---

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

[AtofStryker]

since many of the requests are now same origin, we don't get the origin header, so we grab it from the referrer for the cookie_behavior tests

[mschile]

What side effects was this causing? Is this a separate issue from "same origin spec bridges" or was it exposed during these code changes?

[AtofStryker]

Main issue is sometimes setting a cookie on the domain that isn't cleared in firefox that we don't even need because we don't do full injection. I would say it was always an issue and was exposed more so with these changes.

example within firefox before:
spec bridge was creating a __cypress.initial cookie on foobar.com domain (not .foobar.com)
AUT is at www.foobar.com and makes requests. __cypress.initial cookie isn't attached because it doesn't fit the domain policy (foobar.com vs .foobar.com)

example within firefox after:
spec bridge was creating a __cypress.initial cookie on www.foobar.com domain (www.foobar.com)
AUT is at www.foobar.com and makes requests. __cypress.initial cookie is attached and is never cleared

Not sure if this is an underlying issue with js-cookie, but the domain that is set in firefox for the cookie is different than that of chromium browsers. We don't see it in chromium browsers because the domain set in the spec bridge is localhost

[chrisbreiding]

Looks good! But after viewing all these diffs, I now having this burned into my mind 😜

[AtofStryker]

Looks good! But after viewing all these diffs, I now having this burned into my mind 😜

How else would you know it's the World Wide Web? 😆

[cypress-bot]

Released in 10.10.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v10.10.0, please open a new issue.