SRI integrity attribute fails to get rewritten when a redirection page ends up with a different domain

[yunj]

Current behavior

Our test app starts with zero.com and redirects to a page with the different domain zero-test.com in the middle of the workflow.
According to #2393 (comment), I have set experimentalSourceRewriting to true. I did see the integrity attribute gets rewritten when the runner container's iframe src has the same domain as the running page, but it does not when the redirection page has a different domain.

The iframe src is set to domain zero.com at the beginning of the test.

If the redirection page's domain is different, e.g., zero-test.com, integrity attribute does not get rewritten.

Desired behavior

The integrity attribute gets rewritten to cypress:stripped-integrity even if domains are different otherwise resources are blocked.

Versions

Cypress: 5.3.0
Chrome: 85
Windows: 10

[yunj]

Hi @jennifer-shehane could you please confirm if this is the expected behavior? Thanks.

[jennifer-shehane]

Can you explain how this redirection is happening? How are you navigating to a different domain other than the domain in the Cypress window?

[yunj]

Hi @jennifer-shehane thanks very much for your reply. Redirecting to a different domain after SSO login happens. Is it correct that integrity attribute cannot be rewritten if the redirection ends up with a different domain?

[yunj]

Hi @jennifer-shehane could you please verify if integrity attribute cannot be rewritten if the redirection ends up with a different domain? Thanks.

[yunj]

Hi @jennifer-shehane do you need more information? Thanks.

[jennifer-shehane]

From my memory, I think we do not strip integrity properties from cross domain redirects.

[yunj]

Hi @jennifer-shehane could you please add this feature? Thanks.

[yunj]

Hi @jennifer-shehane and @flotwig could we strip integrity attributes from cross domain redirects? Thanks.

[cypress-app-bot]

This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.

[cypress-app-bot]

This issue has been closed due to inactivity.