cy.getCookies() Does Not Return Cookies Whose Domain Does Not Correspond with baseUrl

[todd-m-kemp]

Current behavior

cy.getCookies() returns only the cookies whose domain matches that of baseUrl.

Desired behavior

cy.getCookies() should return all cookies, regardless of their domain.

Test code to reproduce

With the baseUrl set to "https://cypress.io", run the following test:

context('Cookies with Different Domains', function () {
  it('Test', function () {
    cy.setCookie('cookie1', 'value 1', { domain: 'domain1.cypress.io' });
    cy.setCookie('cookie2', 'value 2', { domain: 'domain2.cypress.io' });
    cy.setCookie('cookie3', 'value 3', { domain: 'domain3.different.io' });
    cy.getCookies()
      .should('have.length', 3); // Fails; length is 2.
  });
});

cy.getCookies() returns only the cookies whose domain ends in cypress.io. The cookie ending in different.io is missing.

If baseUrl is https://different.io instead, then only cookie3 is returned.

Versions

Cypress version 5.4.0, Chrome 86, macOS 10.15.6.

[johot]

I found the same problem for cy.getCookie(name) this occured for me because I was visiting my frontend on locahost but the backend was running in a local-test-env.com location.

Seems like a security issue almost. What if I want to test my code on localhost but with a backend running somewhere else? I can then easily get these kinds of problems.

[OmarSlame]

is there any workaround to get all existing cookies in all domains?

[aryzing]

Sorry for the bump, it's been a while. Any chance this bug can be addressed? Checking for cookies form other domains is critical to several areas, including security, analytics, and authentication. What's stopping this issue moving forward?

[rubencodes]

For everyone here looking for a work-around, it looks like this trick from the clearCookies API also works with getCookies.

Cypress.Commands.add("getAllCookies", () => {
	// Undocumented `domain` parameter, which seems to be the only way to
	// reliably get cross-origin cookies.
	// See: https://github.com/cypress-io/cypress/issues/781#issuecomment-783412186
	// @ts-ignore
	return cy.getCookies({ domain: null });
});

Would love a more "official" API/solution, but this worked for me.

[cypress-bot]

The code for this is done in cypress-io/cypress#25012, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

[cypress-bot]

Released in 12.1.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v12.1.0, please open a new issue.