You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In preparation for experimentalSessionAndOrigin to go GA, we likely need to move the XmlHttpRequest and Fetch injections into the injection/cross-origin.js file. Since Cypress may or may not be instantiated yet, we might be able to leverage postMessage to send credentialStatus and resourceType to the primary, and the primary sends the information to the web socket.
Currently the Cypress.backend request happens before the request is actually send to the server, which usually almost always means that the credentials are stored in the map by the time the proxy tries to access them. If using postMessage, this might no longer be the case, and the proxy may need to listen for an event or poll until it finds the credentials it needs without slowing down the proxy server
Why is this needed?
Given the following example:
it('does a cross-origin navigation', () => {
cy.visit('https://localhost:8080/index.html')
cy.visit('https://www.foobar.com/index.html')
/**
* After visit, The AUT calls:
*
* fetch('www.boobaz.com/test-request', { credentials: 'include' })
*
* Since there is no cy.origin block active, or maybe the patch happens after the request,
* we are unable to infer the credentials in the proxy, which essentially leads to
* the ability of the request for www.boobaz.com/test-request does not attach cookies nor
* has the ability to set them. This might be a problem for those who attach a cy.origin lazily after visit,
* or are using cy.visit with chromeWebSecurity: false without cy.origin blocks.
*/
})
Other
No response
The text was updated successfully, but these errors were encountered:
AtofStryker
changed the title
Move XmlHttpRequest and Fetch patches to main injection code
Move XmlHttpRequest and Fetch patches to cross-origin injection code
Sep 23, 2022
currently without a cy.origin block, we can't actually figure out what credentials were applied, and also leaves errors for when the cy.origin block is attached. One possible solution is to send the url and credential status of postMessage to the primary, and send this up to the backend. If we can figure out a graceful way to handle the possible race condition of which gets there first, a) the request or b) the credentials, this could be a good way forward. This shouldn't block release immediately, but needs to be figured out before going GA
The code for this is done in cypress-io/cypress#24243, but has yet to be released.
We'll update this issue and reference the changelog when it's released.
What would you like?
In preparation for
experimentalSessionAndOrigin
to go GA, we likely need to move the XmlHttpRequest and Fetch injections into theinjection/cross-origin.js
file. Since Cypress may or may not be instantiated yet, we might be able to leveragepostMessage
to send credentialStatus and resourceType to the primary, and the primary sends the information to the web socket.Currently the
Cypress.backend
request happens before the request is actually send to the server, which usually almost always means that the credentials are stored in the map by the time the proxy tries to access them. If usingpostMessage
, this might no longer be the case, and the proxy may need to listen for an event or poll until it finds the credentials it needs without slowing down the proxy serverWhy is this needed?
Given the following example:
Other
No response
The text was updated successfully, but these errors were encountered: