Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
chromeWebSecurity workaround for Cross origin errors no longer working.
See original GitHub issueCurrent behavior:
Using { "chromeWebSecurity": false } is not being respected when the test is running since the upgrade from Chrome 66 -> 67.
CypressError: Cypress detected a cross origin error happened on page load:
Blocked a frame with origin "url" from accessing a cross-origin frame.
Before the page load, you were bound to the origin policy:
url2
Desired behavior:
Previously the bypass would allow the test to run and pass over the error
Steps to reproduce:
https://github.com/jjp390/cypress-test-tiny
From here, run npx cypress open and then run the test spec.js and it will throw the error at the end despite the added file in cypress.json
Versions
Cypress 3.0.1, OSX 10.13.5, Chrome 67
Issue Analytics
- State:
- Created 5 years ago
- Reactions:8
- Comments:27 (6 by maintainers)
Top Results From Across the Web
CORS still working after disabling browser web security
I ran the code with web security enabled and I get the same CORS error, as expected. But then I disable web security,...
Read more >Web Security - Cypress Documentation
Common Workarounds. Let's investigate how you might encounter cross-origin errors in your test code and break down how to work around them in...
Read more >Run Chrome browser without CORS - Aleksandr Filatov
Since Chrome 22+ you will get an error message that says: You are using an unsupported command-line flag: --disable-web-security .
Read more >Configuring Cypress to work with iFrames & cross-origin sites.
Display insecure content; Navigate to any superdomain without cross origin errors; Access cross origin iframes that are embedded in your application.
Read more >Web Security - Cypress - w3resource
Let us investigate how you might encounter cross-origin errors in your test code and break down how to work around them in Cypress....
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I looked into this and it’s because in Chrome 67 they’ve begun to randomly roll out Site Isolation.
It’s currently a Known Isssue documented here that this breaks the
--disable-web-securityflag. http://www.chromium.org/Home/chromium-security/site-isolationI believe that because it is a random rollout then only a subset of users are experiencing this. Did you know that Chrome does A/B experiments and collects the usage?
It’s likely that either Chrome 69 (currently Canary) has either fixed this or, or on that browser you do not have Site Isolation enabled.
TO FIX THIS:
Add the
--disable-site-isolation-trialsargument to chrome via https://docs.cypress.io/api/plugins/browser-launch-api.html#UsageWe’ll go ahead and update the flags to include this by default.
IN THE FUTURE:
Chrome upgrades should never really affect you this much. For instance, nobody is ever forcing you to upgrade. Whenever newer versions come out that break things in Cypress you should:
You can download Chromium here: https://chromium.woolyss.com/download/
This site also has links to download previous version of Chromium:
For those who come here after me, the only thing I had to do was modify the
cypress.jsonfile and add:Reference: Disabling Web Security from the Cypress Docs