Framebusting on 3rd party sites break Cypress automation #886

Closed
brian-mann opened this issue Nov 7, 2017 · 4 comments
@brian-mann brian-mann commented Nov 7, 2017

Sites that implement old school security measures such as clickjacking or framebusting break Cypress.

@brian-mann brian-mann commented Feb 11, 2018

A study of common framebusting / clickjacking techniques.

https://seclab.stanford.edu/websec/framebusting/framebust.pdf

We will likely implement enough to cover the bases described here on page 3

| Unique sites | Conditional statement |
| --- | --- |
| 38% | `if (top != self)` |
| 22.5% | `if (top.location != self.location)` |
| 13.5% | `if (top.location != location)` |
| 8% | `if (parent.frames.length > 0)` |
| 5.5% | `if (window != top)` |
| 5.5% | `if (window.top !== window.self)` |
| 2% | `if (window.self != window.top)` |
| 2% | `if (parent && parent != window)` |
| 2% | `if (parent && parent.frames && parent.frames.length>0)` |
| 2% | `if((self.parent&&!(self.parent===self))&&(self.parent.frames.length!=0))` |

@brian-mann brian-mann self-assigned this Feb 11, 2018
@brian-mann brian-mann added this to the 2.0.0 milestone Feb 11, 2018
brian-mann added a commit that referenced this issue Feb 11, 2018
…ting and clickjacking security measures

- add modifyObjectiveCode config, true by default
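
An added example, not part of the original thread and not Cypress's implementation: a heuristic scanner that reports which `if` conditions in a script have the window-hierarchy comparison shape listed in the table above, for diagnosing which check a third-party script relies on when it misbehaves inside a framed test runner. It generalizes beyond the ten listed forms; `findFramebusters`, `readCondition` and the sample script are names and input constructed for illustration.

```javascript
// Added example: flag `if (...)` conditions that compare the current window
// with `top` or `parent`. Heuristic token scan, not a JavaScript parser.

// `top`/`parent` as a bare global or via window./self., not `rect.top`.
const HIERARCHY = /(?<![.\w$])(?:(?:window|self)\.)?(?:top|parent)\b/;
const COMPARISON = /[!=]==?|[<>]/;

// Return the text between the parenthesis at source[open] and its match.
function readCondition(source, open) {
  let depth = 0;
  for (let i = open; i < source.length; i++) {
    if (source[i] === '(') depth++;
    else if (source[i] === ')' && --depth === 0) return source.slice(open + 1, i);
  }
  return null; // unbalanced, e.g. a truncated script
}

// List every matching condition with its 1-based line number.
function findFramebusters(source) {
  const hits = [];
  const ifRe = /\bif\s*\(/g;
  let m;
  while ((m = ifRe.exec(source)) !== null) {
    const cond = readCondition(source, ifRe.lastIndex - 1);
    if (cond === null) continue;
    if (HIERARCHY.test(cond) && COMPARISON.test(cond)) {
      const line = source.slice(0, m.index).split('\n').length;
      hits.push({ line, condition: cond.replace(/\s+/g, '') });
    }
  }
  return hits;
}

// Constructed sample script, not taken from any real site.
const SAMPLE = [
  'var rect = el.getBoundingClientRect();',
  'if (rect.top > 100) { scrollUp(); }',
  'if (top != self) { top.location = self.location; }',
  'if((self.parent&&!(self.parent===self))&&(self.parent.frames.length!=0)){ bust(); }',
].join('\n');

console.log(findFramebusters(SAMPLE));
```
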
@brian-mann brian-mann commented Feb 16, 2018

Released in 2.0.0.

@miohtama miohtama commented Jul 20, 2020

I have encountered a script that is not correctly fixed by the current Cypress network layer modification. What would be the best place to discuss how to update the framebuster support to cover this?

Specifically, it is an Xsolla login iframe https://xsolla.com/products/login

@jennifer-shehane jennifer-shehane commented Jul 20, 2020

@miohtama Please open a new issue with a fully reproducible example that we can run. There may be a specific edge case with the issue that we need more detail to fix.

@cypress-io cypress-io locked as resolved and limited conversation to collaborators Jul 20, 2020