Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Cypress silently drops secure cookies from requests (Chromium), fails to set secure cookie at all (Firefox)
See original GitHub issueCurrent behavior
Cypress misbehaves when managing secure cookies on localhost.
Chromium
Cypress visits some path (e.g., /set-cookie) that sets a secure cookie. Then, Cypress visits another path (/) that reads the cookie value. On that second request, Cypress doesn’t send the cookie. Chromium indicates the cookie is sent, but the web server doesn’t receive it, and a MitM proxy shows the cookie is not in the request. If the cookie is not marked as secure, everything behaves correctly.
The attached reproduction repo provides the details about this test.
Cookie in devtools:
Request that pretends to send the cookie:
Intercepted request:
For comparison, here’s the intercepted request when using an insecure cookie:
Firefox
In Firefox, the secure cookie is never set in the first place.
Devtools prints: Cookie “mySecureCookie” has been rejected because a non-HTTPS cookie can’t be set as “secure”. (Related: #16611)
Desired behavior
localhost is considered a secure browsing context, and the repro app works correctly outside of Cypress. Setting and transmitting a secure cookie on localhost should be successful. Failing that, Chromium should not lie about whether the cookie is being sent.
Test code to reproduce
Here’s an app I put together that minimally reproduces the issue, with failing Cypress tests.
npm install, npm start to launch the web server, npm test to show the Cypress tests demonstrating the failure.
Cypress Version
8.7.0
Other
If I open a normal Chromium or Firefox instance, everything works correctly. This only happens under Cypress’ automation.
Chromium version: 94.0.4606.81 (openSUSE Build) stable (64-bit)
Firefox version: 93.0 (64-bit)
Issue Analytics
- State:
- Created 2 years ago
- Reactions:14
- Comments:5
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Workaround:
Instead of using cy.visit(), get the window object and manually set location.href.
e.g.
I am also observing this issue and it significantly impedes our ability to implement and run Cypress tests for our application when it’s running locally.
Any update on resolving this problem would be greatly appreciated, or if anyone knows of a workaround we can implement in the meantime, that would be great!