-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SRI integrity attribute fails to get rewritten when a redirection page ends up with a different domain #8769
Comments
Hi @jennifer-shehane could you please confirm if this is the expected behavior? Thanks. |
Can you explain how this redirection is happening? How are you navigating to a different domain other than the domain in the Cypress window? |
Hi @jennifer-shehane thanks very much for your reply. Redirecting to a different domain after SSO login happens. Is it correct that integrity attribute cannot be rewritten if the redirection ends up with a different domain? |
Hi @jennifer-shehane could you please verify if integrity attribute cannot be rewritten if the redirection ends up with a different domain? Thanks. |
Hi @jennifer-shehane do you need more information? Thanks. |
From my memory, I think we do not strip integrity properties from cross domain redirects. |
Hi @jennifer-shehane could you please add this feature? Thanks. |
Hi @jennifer-shehane and @flotwig could we strip integrity attributes from cross domain redirects? Thanks. |
This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided. |
This issue has been closed due to inactivity. |
Current behavior
Our test app starts with
zero.com
and redirects to a page with the different domainzero-test.com
in the middle of the workflow.According to #2393 (comment), I have set
experimentalSourceRewriting
totrue
. I did see the integrity attribute gets rewritten when the runner container's iframe src has the same domain as the running page, but it does not when the redirection page has a different domain.The iframe src is set to domain
![runner_container_iframe_src](https://user-images.githubusercontent.com/18545475/95314356-b280f800-08ed-11eb-9883-95646eff5292.PNG)
zero.com
at the beginning of the test.If the redirection page's domain is different, e.g.,
![integrity](https://user-images.githubusercontent.com/18545475/95314383-b876d900-08ed-11eb-94fe-b0e1f28c03e3.PNG)
zero-test.com
, integrity attribute does not get rewritten.Desired behavior
The integrity attribute gets rewritten to
cypress:stripped-integrity
even if domains are different otherwise resources are blocked.Versions
Cypress: 5.3.0
Chrome: 85
Windows: 10
The text was updated successfully, but these errors were encountered: