Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Cypress incorrectly validates domain of cookies in 3.5.0

See original GitHub issue

Current behavior:

Cookies are failing to set for subdomains during cy.request. E.g. we call /auth of auth.test.server and it returns token cookie with .test.server. In this case cookie is not set.

Desired behavior:

Cookie is set in above example.

Steps to reproduce: (app code and test code)

Look at packages/server/lib/request.coffee#setCookiesOnBrowser:

return if not tough.domainMatch(cookie.domain, parsedUrl.hostname)

And at tough-cookie documentation:

domainMatch(str,domStr[,canonicalize=true])
Answers "does this real domain match the domain in a cookie?". The str is the "current" domain-name and the domStr is the "cookie" domain-name. Matches according to RFC6265 Section 5.1.3, but it helps to think of it as a "suffix match".

So it should be:

return if not tough.domainMatch(parsedUrl.hostname, cookie.domain)

Versions

>=3.5.0

Issue Analytics

State:
Created 4 years ago
Comments:8 (1 by maintainers)

Top GitHub Comments

2reactions

tozescommented, Nov 27, 2019

+1, as discussed here, we have exactly the same issue which is stopping us for upgrading from 3.4.1

1reaction

fernandopasikcommented, Nov 25, 2019

@tozes your link was broken https://github.com/cypress-io/cypress/issues/5688#issuecomment-558212709

Top Results From Across the Web

Incorrect domain when setting cookie · Issue #9158 - GitHub

When setting a cookie with cy.setCookie("foo", "bar") , domain is not set according to doc: Given the current URL is https://another ...

Changelog - Cypress Documentation

The Cookie commands now uses the hostname as the domain by default instead of the superdomain . This change aligns Cypress' cookie rules...

Cypress + 2 Super Domains + AntiforgeryToken = Cypress ...

The product uses an SSO-based login page with a different super domain from the product. This creates a problem with cookies. Indeed, access...

sVL - River Thames Conditions - Environment Agency - GOV.UK

Niche como podre disimular cardona, Sabaton urising, St stephen wiki grateful dead, Why astral projection is good, Share problem windows xp, Overjanje, ...

Third-Party Software Acknowledgments - TechDocs

@testing-library/cypress 7.0.1. @testing-library/user-event 12.1.6 ... blackbox-vision/ra-language-spanish 3.5.0 ... validate-commit-msg 2.11.2.