Avoid creating cookie prepended with dot ('.')
Current behavior
First, I have to say that I am testing a company-internal SSO implementation (based on Keycloak). I saw this comment (https://github.com/cypress-io/cypress/issues/1342#issuecomment-366747803) on another issue, which says to test SSO with cy.request to simulate the authentication flow. In our case, we precisely want to test the flow, involving usage of multiple cookies with different domains, all set by Keycloak, not by cy.setCookie().
Current behavior:
When the user is authenticated, Keycloak sets some cookies, but Cypress duplicates them with the domain prefixed by a dot. In the Cypress console, we can see the cookies set by Cypress:
[
  {
    "name": "KEYCLOAK_IDENTITY",
    "value": "",
    "path": "/auth/realms/myrealm/",
    "domain": ".keycloak.local",
    "secure": false,
    "httpOnly": true,
    "sameSite": "lax"
  },
]
Keycloak set this one in the server response:
{
  "name": "KEYCLOAK_IDENTITY",
  "value": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIxNzA2N2ZhNS03NjQ2LTRmNjUtOTBkZi1jYWE5NjJmZThjODcifQ.eyJleHAiOjE3MzE1NzU5NDQsImlhdCI6MTY3MTA5NTk0NCwianRpIjoiYmYyNGRhMDItZmU4MS00OWQ3LTk1MzgtMjU0NDk5NDQ5ZmFi......",
  "path": "/auth/realms/myrealm/",
  "domain": "keycloak.local",
  "secure": true,
  "httpOnly": true,
  "hostOnly": true,
  "sameSite": "no_restriction"
},
Desired behavior
Cypress should allow disabling the automatic creation of new cookies prefixed by a dot. At least, the value should not be empty.
Test code to reproduce
Too difficult to provide here, it needs a full setup of Keycloak with multiple applications to test SSO.
This issue is already detailed in other issues:
- https://github.com/cypress-io/cypress/issues/1896
- https://github.com/cypress-io/cypress/issues/1342
- https://github.com/cypress-io/cypress/issues/16856
We have found a workaround which is to manually remove all cookies automatically set by Cypress, which is a very dirty hack:
When("user register", () => {
  cy.clickJsConsoleLogin();
  cy.registerRandomUser();
  cy.activateEmail();
  // Workaround: clear the copy of the cookie stored under the dot-prefixed domain.
  cy.clearCookie('KEYCLOAK_IDENTITY', {domain: Cypress.env('keycloakUrl').replace('https://', '.')});
});
Cypress Version
12.1.0
Node version
14.18.0
Operating System
Ubuntu 20.04
Debug Logs
No response
Other
No response
Top GitHub Comments
Similar issue with a go-based-backend. The cypress intervention (likely by using document.cookie = '...') causes a second cookie with dot-prefix to be present which is also sent back-and-forth to the server and the server cannot deal with it, causing behavior you don’t get without Cypress.

We did significant cookie work for Cypress 12, including introducing new cookie commands and behaviors. My guess is this is an unintended side effect of those changes. Hopefully we can investigate soon!
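
Why the dot-prefixed copy reaches the server alongside the original, as an added example (not code from the issue or from Cypress): it applies the RFC 6265 domain-match and path-match rules to a constructed jar holding the two cookies shown in the report. The function names and the placeholder token value are assumptions made for illustration.

```javascript
// Constructed cookie jar mirroring the two entries in the report.
// Field names follow the cookie objects shown in the issue; values are placeholders.
const jar = [
  { name: 'KEYCLOAK_IDENTITY', value: '', path: '/auth/realms/myrealm/',
    domain: '.keycloak.local', hostOnly: false },
  { name: 'KEYCLOAK_IDENTITY', value: 'constructed-token', path: '/auth/realms/myrealm/',
    domain: 'keycloak.local', hostOnly: true },
];

// Strip the leading dot; it only marks "domain cookie", it is not part of the name.
const bare = (d) => d.replace(/^\./, '').toLowerCase();

// RFC 6265 section 5.1.3 domain-match; a host-only cookie needs an exact host match.
function domainMatches(cookie, host) {
  const d = bare(cookie.domain);
  const h = host.toLowerCase();
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith('.' + d);
}

// RFC 6265 section 5.1.4 path-match.
function pathMatches(cookiePath, reqPath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Cookies a user agent would attach to a request for host + path (jar order kept).
function cookiesFor(cookies, host, path) {
  return cookies.filter((c) => domainMatches(c, host) && pathMatches(c.path, path));
}

// Cookie names sent more than once, where one copy sits under a dot-prefixed domain.
function dotPrefixedDuplicates(cookies, host, path) {
  const sent = cookiesFor(cookies, host, path);
  const dup = sent.filter((c) => c.domain.startsWith('.') &&
    sent.some((o) => o !== c && o.name === c.name));
  return [...new Set(dup.map((c) => c.name))];
}

// The Cookie request header the server would receive.
function cookieHeader(cookies, host, path) {
  return cookiesFor(cookies, host, path).map((c) => `${c.name}=${c.value}`).join('; ');
}
```

Both entries match a request to keycloak.local, so the server sees KEYCLOAK_IDENTITY twice, once empty; a subdomain would receive only the dot-prefixed copy.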