feat: experimental skip domain injection #25307
Conversation
…t.domain overwritting
…n iframe and spec bridge iframes. Also adapt CORS policy to use same-origin if experimental flag is set
|
Thanks for taking the time to open a PR!
|
cli/types/cypress.d.ts
Outdated
| * @see https://developer.mozilla.org/en-US/docs/Web/API/Document/domain | ||
| * @default false | ||
| */ | ||
| experimentalUseDefaultDocumentDomain: boolean |
There was a problem hiding this comment.
What changes would it take to make this the default behavior for all users (taking it out of experimental)?
There was a problem hiding this comment.
I think it depends where we land, whether its an "all or nothing" approach like what's implemented right now or something that is configurable per domain. As for now, the only thing we would need to do to take this out of experimental is making the policyForDomain always same-origin and reverse the conditional which is pretty straight forward. And the change would be breaking.
However I think right now it likely may not work with same origin iframes within the AUT, since we need partial document.domain injection for same-origin localhost iframes. There might need to be some caveats around this, which would probably be a good idea to document.
|
Test summaryRun details
View run in Cypress Dashboard ➡️ Flakiness
This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard |
||||||||||||||||||||||||||||||||||||||||||||||||||
feat: cut over experimental flag to take list of known problematic domains via string/glob pattern run ci chore: update system test and fix broken config
AtofStryker
force-pushed
the
feat/experimentalDefaultDocumentDomain
branch
from
3d391c3 to
fc18ac6
Compare
…no longer use google to test against injection as we do not inject document.domain on google domains
…erimentalDefaultDocumentDomain
…receive document.domain injection. Kept test same by changing URL
…faults to users to configure
Currently we are just reusing the |
…ypress-io/cypress into feat/experimentalDefaultDocumentDomain
…erimentalDefaultDocumentDomain
|
@emilyrohrbough the cross origin error looks something like this for subdomains with the option configured correctly: |
| const code = errPartial` | ||
| { | ||
| e2e: { | ||
| experimentalSkipDomainInjection: ['*.salesforce.com', '*.force.com', '*.google.com', 'google.com'] |
There was a problem hiding this comment.
should I go with something less specific here?
There was a problem hiding this comment.
I've opened the #24418 issue, and I think this should be changed for the following domains also: *.my.site.com
taken from https://help.salesforce.com/s/articleView?id=sf.domain_name_enhanced.htm&type=5
There was a problem hiding this comment.
@alexanderg1982 this should resolve #24418. This line here is more so to recommend users on how to configure the option if the config isn't inside the e2e object. I think it's too specific since we just want to recommend where to move the option. When we release this, you should be able to do:
experimentalSkipDomainInjection: ['power-inspiration-1088-dev-ed.scratch.my.site.com']
There was a problem hiding this comment.
@AtofStryker Maybe it would be good to call out this is a recommendation?
There was a problem hiding this comment.
I'm wondering if we just want to reference the enhanced domain names in the docs?
There was a problem hiding this comment.
@alexanderg1982 I added the enhanced domain reference in the docs to help guide the correct domains. Thank you for sharing this!
I do think this would be helpful, especially because there are workflows working for users when on Firefox so it'd could be helpful to provide more direction. |
emilyrohrbough
changed the title
…erimentalDefaultDocumentDomain
…erimentalDefaultDocumentDomain
|
Added some context in the cross origin error @emilyrohrbough in e27acf7 . It isn't smart enough right now to compare the url, but we could add that in the future or if we really think it would be helpful right now |
* develop: (45 commits) fix: re-enable CYPRESS_INTERNAL_VITE_DEV development (#25364) fix: add skip domain injection description (#25463) fix: revert CSP header and script-src addition (#25445) chore: Update v8 snapshot cache (#25401) feat: Do not strip CSP headers from HTTPResponse (#24760) fix: keep spaces in formatted output in test runner (#24687) fix: Restrict dependency versions to known supported ranges (#25380) chore: Update v8 snapshot cache (#25370) feat: experimental skip domain injection (#25307) chore: support vite v4 for component testing (#25365) feat: Use JSX/TSX in generated spec filenames (#25318) docs(angular): Properties that are spied upon have to be defined within `componentProperties` instead of on root level. (#25359) chore: remove lint-changed from scripts/docs (#25308) chore: bump to 12.3.0 [skip ci] (#25355) fix: make NODE_ENV "production" for prod builds of launchpad (#25320) fix: .contains() should only return one element at all times (#25250) feat: add currentRetry to Cypress API (#25297) chore: release @cypress/webpack-dev-server-v3.2.2 chore: release create-cypress-tests-v2.0.1 fix: change wording for spec creation (#25271) ...
|
Released in This comment thread has been locked. If you are still experiencing this issue after upgrading to |
experimentalModifyObstructiveThirdPartyCodeoption enabled)User facing changelog
Adds the
experimentalSkipDomainInjectionoption to disable Cypress from settingdocument.domainon injection.The
experimentalSkipDomainInjectionoption is either an array of strings/globs to match against url hostnames. If there is a match,document.domainwill not be injected. This means that all cross-origin navigations in the provided config, including sub domain navigations, will require acy.origin()block for Cypress to interact with the page.Additional details
The goal of this flag is to unblock Cypress users who are running into
document.domainissues with the sites they are testing, which includes Salesforce Winter '22. This can also be a diagnostic tool in the future as well for other sites where we expectdocument.domainto possibly be an issue, and we can simply ask users to toggle on the flag and see if the situation improvesCurrently the goal of this experimental flag is to unblock users with
document.domain. We want to observe this experiment usage which should educate how it evolves over time. There are no plans to make this feature GA, and at best this may be a supported configuration option in the future that is not experimental (unless setting document.domain is fully removed, in which case we may revisit this).cypress-documentationlikely will need to add info snippets in the following areas, including information on the experimental flag (added in cypress-io/cypress-documentation#4955):Steps to test
Since this change requires a experimental config option that the server needs to be aware of, system tests were added to fully test the expected behavior in regards to navigation
How has the user experience changed?
PR Tasks
cypress-documentation?Chore: add experimentalSkipDomainInjection option cypress-documentation#4955type definitions?