Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cookie behavior issue after 10.3.0 #23132

Closed
lehmat opened this issue Aug 5, 2022 · 31 comments · Fixed by #23438
Closed

Cookie behavior issue after 10.3.0 #23132

lehmat opened this issue Aug 5, 2022 · 31 comments · Fixed by #23438
Assignees
@AtofStryker
Labels
topic: cookies 🍪 topic: cy.origin Problems or enhancements related to cy.origin command type: bug

Comments

@lehmat
Copy link

lehmat commented Aug 5, 2022

Current behavior

localhost cookies are not sent on separate ports. In example we have the following setup:

Frontend -> localhost:5000
API -> localhost:5002
OAUTH2 -> localhost:5005

The frontend does not send cookies to API after 10.3.0 (see flow in extra information).

Desired behavior

Frontend should be sending API cookies as normal

Test code to reproduce

N/A

Cypress Version

10.3.0

Other

image
@karlhorky
Copy link
Contributor

@lehmat are you sure that this happens on 10.3.1? I'm seeing something similar, but only starting on 10.4.0...

@karlhorky
Copy link
Contributor

karlhorky commented Aug 5, 2022
edited
Loading

Wonder if the latest cross-origin cookie changes in the 10.4.0 changelog could be related:

PR #22963: Fixes issue where cookies were not handled within cy.origin for requests other than the AUT page request. Fixes #22952 & #21474.

PR #22963 by @mschile , approved by @mjhenkes @AtofStryker @chrisbreiding @emilyrohrbough

To be clear our code / tests with localhost cookies on multiple ports was NOT having problems with 10.3.1, even though in the changelog entry for 10.3.1, there was a change pertaining to cross-origin cookie work.

@AtofStryker AtofStryker self-assigned this Aug 5, 2022
@cypress-bot cypress-bot bot added the stage: investigating Someone from Cypress is looking into this label Aug 5, 2022
@AtofStryker
Copy link
Contributor

Hi @lehmat. Thank you for opening an issue. Was this behavior working in 10.2.0 and just broke in 10.3.0? We did make some large cookie changes in #20685 that released in 10.3.0. Are you able to provide a reproduction, maybe something that runs on a few services on localhost ports we can spin up with a few dev servers to see what is happening with the cookies?

What I think would make more sense is what @karlhorky has said here. 10.4.0 mostly pertains to attaching cookies to XHR/Fetch resources besides just Document resources with the experimentalSessionAndOrigin flag on when cross origin comes into play. Though I have a hunch as to what might be happening. The API calls you are using to broker OAuth2 flow were not being classified as isAUTFrame and are XHR/Fetch requests, which means the Set-Cookie header was being used in 10.3.1. Now that IsAUTFrame is no longer required in the check, I have a feeling checkIfNeedsCrossOriginHandling is evaluating to true because cors.urlOriginsMatch treats different ports as a origin mismatch. This means X-Set-Cookie is being used, when it likely shouldn't be. Whether this is causing your issue or not, I am fairly convinced this is a bug, and removing the isAUTFrame check exposed this.

Would you be able to confirm a few things for me. Can you run your Cypress test with DEBUG=cypress-verbose:proxy:http set, like DEBUG=cypress-verbose:proxy:http yarn cypress open? I would need you to do this twice, once in 10.3.1 and once in 10.4.0. This would confirm the X-Set-Cookie vs Set-Cookie belief, further proving this is an issue.

@karlhorky
Copy link
Contributor

karlhorky commented Aug 5, 2022
edited
Loading

One thing that I can confirm already now is that in my case, the cookies are not being set (the Application tab in Chrome confirms that no cookie has been set).

My environment:

  • localhost:3010 - API (Express) <-- sets the cookie on domain localhost in /login response
  • localhost:3020 - frontend web service (Next.js) <-- no cookie observed, login fails
  • no OAuth flow or iframe or anything

Cypress 10.3.1 works, 10.4.0 fails.

@AtofStryker
Copy link
Contributor

One thing that I can confirm already now is that in my case, the cookies are not being set (the Application tab in Chrome confirms that no cookie has been set).

My environment:

  • localhost:3020 - frontend web service (Next.js)
  • localhost:3010 - API (Express)
  • no OAuth flow or iframe or anything

Cypress 10.3.1 works, 10.4.0 fails.

Seems suspect. Let me know when you are able to run with the debug flags!

@karlhorky
Copy link
Contributor

karlhorky commented Aug 5, 2022
edited
Loading

I've updated the post above to be clear that the API (localhost:3010) is setting the cookie on localhost in the response from the /login API call, which starting with 10.4.0 is no longer being observed by the frontend (localhost:3020).

My hypothesis earlier today while I was looking at it was that the updated cross-origin handling of cookies that Cypress added is now treating localhost:3010 and localhost:3020 as different origins / domains for cookies - which does not match the behavior of browsers, nor RFC 6265:

Similarly, cookies for a given host are shared across all the ports on that host, even though the usual "same-origin policy" used by web browsers isolates content retrieved via different ports.

Cookies do not provide isolation by port.

@AtofStryker
Copy link
Contributor

I've updated the post above to be clear that the API (localhost:3010) is setting the cookie on localhost in the response from the /login API call, which starting with 10.4.0 is no longer being observed by the frontend (localhost:3020).

My hypothesis earlier today while I was looking at it was that the updated cross-origin handling of cookies that Cypress added is now treating localhost:3010 and localhost:3020 as different origins / domains for cookies - which does not match the behavior of browsers, nor RFC 6265:

Similarly, cookies for a given host are shared across all the ports on that host, even though the usual "same-origin policy" used by web browsers isolates content retrieved via different ports.

Cookies do not provide isolation by port.

Not sure if my response was unclear but this is what is being said in #23132 (comment). The debug logs should verify this issue via X-Set-Cookie vs Set-Cookie, which means we can route this to a team and hopefully release a patch soon.

@karlhorky
Copy link
Contributor

Below is what came back from running Cypress 10.4.0 with DEBUG=cypress-verbose:proxy:http . Maybe the second to last line is relevant.

  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingRequest proxying request { req: { method: 'POST', proxiedUrl: 'http://localhost:3010/login', headers: { host: 'localhost:3010', 'proxy-connection': 'keep-alive', 'content-length': '143', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', 'content-type': 'application/json', 'sec-ch-ua-mobile': '?0', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"macOS"', origin: 'http://localhost:3020', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:3020/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-US,en;q=0.9' } } } +4ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingRequest existing cookies on request:  +0ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingRequest Incoming request POST-http://localhost:3010/login matches known pre-request: { requestId: '61976.132', method: 'POST', url: 'http://localhost:3010/login', headers: { 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', Accept: 'application/json, text/plain, */*', Referer: 'http://localhost:3020/', 'Content-Type': 'application/json', 'sec-ch-ua-mobile': '?0', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"macOS"' }, resourceType: 'xhr', originalResourceType: 'XHR' } +0ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingResponse received response { req: { method: 'POST', proxiedUrl: 'http://localhost:3010/login', headers: { host: 'localhost:3010', 'proxy-connection': 'keep-alive', 'content-length': '143', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', 'content-type': 'application/json', 'sec-ch-ua-mobile': '?0', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"macOS"', origin: 'http://localhost:3020', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:3020/', 'accept-encoding': 'gzip', 'accept-language': 'en-US,en;q=0.9' } }, incomingRes: { headers: { 'x-powered-by': 'Express', 'access-control-allow-origin': 'http://localhost:3020', vary: 'Origin', 'access-control-allow-credentials': 'true', 'set-cookie': [Array], 'content-type': 'application/json; charset=utf-8', 'content-length': '386', etag: 'W/"182-gwaI9oJ8sMNoXrEIGqSDwgdpAoY"', date: 'Fri, 05 Aug 2022 23:12:12 GMT', connection: 'keep-alive', 'keep-alive': 'timeout=5' }, statusCode: 201 } } +266ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingResponse ensuring resStream is plaintext +0ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
  cypress-verbose:proxy:http POST http://localhost:3010/login IncomingResponse adding cookie to jar failed: Cookie is SameSite but this is a cross-origin request +1ms
POST /login 201 268.699 ms - -

@lehmat
Copy link
Author

lehmat commented Aug 8, 2022

Hi,

We found this issue on first on 10.3.0 and it has not been fixed in the later releases. Below are logs from the DEBUG option requested.

Are you able to provide a reproduction, maybe something that runs on a few services on localhost ports we can spin up with a few dev servers to see what is happening with the cookies?

Unfortunately no

  • 10.2.0
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a4192c8170511ed86e00242ac12000a', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-GB', cookie: 'vuex-cookie; __cypress.initial=true', referer: 'http://localhost:5001/', 'sec-fetch-dest': 'iframe', 'sec-fetch-mode': 'navigate', 'sec-fetch-site': 'same-site', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.2.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'x-cypress-is-aut-frame': 'true' } } } +14ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingRequest matches pending pre-request { requestId: '2DA6F90A0DC45AA7CF2455DB34647D0C', method: 'GET', url: 'http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a4192c8170511ed86e00242ac12000a', headers: { Referer: 'http://localhost:5001/', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.2.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' }, resourceType: 'other', originalResourceType: 'Document' } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a4192c8170511ed86e00242ac12000a', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'accept-encoding': 'gzip', 'accept-language': 'en-GB', cookie: 'vuex-cookie; __cypress.initial=true', referer: 'http://localhost:5001/', 'sec-fetch-dest': 'iframe', 'sec-fetch-mode': 'navigate', 'sec-fetch-site': 'same-site', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.2.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' } }, incomingRes: { headers: { server: 'Werkzeug', date: 'Mon, 08 Aug 2022 10:33:28 GMT', 'content-type': 'text/html; charset=utf-8', 'content-length': '251', location: 'http://localhost:5000/', 'cache-control': 'max-age=0, private, no-cache, no-store, must-revalidate, proxy-revalidate, no-transform', pragma: 'no-cache', expires: 'Mon, 08 Aug 2022 10:33:27 GMT', 'access-control-allow-origin': 'http://localhost:5000', 'access-control-allow-credentials': 'true', 'access-control-allow-methods': 'POST, DELETE, PATCH, PUT, GET, OPTIONS', 'access-control-allow-headers': 'Sentry-Trace, Accept, X-Api-Key, X-Amz-Date, X-Amz-Security-Token, X-Amz-User-Agent, X-CSRFToken, X-auth/csrftoken-Translate, Content-Type, Baggage, Authorization', 'access-control-expose-headers': '*', 'access-control-max-age': '600', 'x-content-type-options': 'nosniff', 'strict-transport-security': 'max-age=31536000; includeSubdomains;', 'expect-ct': 'max-age=0', vary: 'Cookie', 'set-cookie': [Array], connection: 'close' }, statusCode: 307 } } +771ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse is cross-origin, delay until cross:origin:release:html event +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse received cross:origin:release:html, let the response proceed +305ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse determine injection +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse - full injection +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse injection levels: { isInitial: true, wantsInjection: 'full', wantsSecurityRemoved: false } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse force SameSite=None? true +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse original cookie: session=.eJwlzjuOAzEIANC7uN6R-BhscpkIDFa2nWyqVe6ekdK_4v23-z7r-Wi3v_NVP-3-m-3WWEnVhQZbOqOVoHdC12GRGEx7bLKRfQl12-4LWGMH6qpZU2PqZqRdTlNmgphyUeIljAZtFAlnCY5gXcYTFoKaU2afpN6uyOtZ53fTAy7ndeAAORArj4lKB1AnX0gAoO39AX5zNyg.YvDmeA.5Xw4nPrnWkyV6hy8L41GOKB4QsM; HttpOnly; Path=/ +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse add SameSite=None to cookie +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse add Secure to cookie +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse resulting cookie: session=.eJwlzjuOAzEIANC7uN6R-BhscpkIDFa2nWyqVe6ekdK_4v23-z7r-Wi3v_NVP-3-m-3WWEnVhQZbOqOVoHdC12GRGEx7bLKRfQl12-4LWGMH6qpZU2PqZqRdTlNmgphyUeIljAZtFAlnCY5gXcYTFoKaU2afpN6uyOtZ53fTAy7ndeAAORArj4lKB1AnX0gAoO39AX5zNyg.YvDmeA.5Xw4nPrnWkyV6hy8L41GOKB4QsM; HttpOnly; Path=/; SameSite=None; Secure +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=tNgQx50eIbqzOxgt&code=8a41... IncomingResponse redirecting to new url { statusCode: 307, newUrl: 'http://localhost:5000/' } +0ms


  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/csrftoken', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.2.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:5000/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-GB', cookie: 'vuex-cookie' } } } +17ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest waiting for prerequest +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest matches pending pre-request { requestId: '20804.123', method: 'GET', url: 'http://localhost:5005/auth/csrftoken', headers: { Accept: 'application/json', Referer: 'http://localhost:5000/', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.2.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' }, resourceType: 'xhr', originalResourceType: 'XHR' } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/csrftoken', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.2.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:5000/', 'accept-encoding': 'gzip', 'accept-language': 'en-GB', cookie: 'vuex-cookie' } }, incomingRes: { headers: { server: 'Werkzeug', date: 'Mon, 08 Aug 2022 10:33:24 GMT', 'content-type': 'application/json', 'content-length': '371', 'cache-control': 'max-age=0, private, no-cache, no-store, must-revalidate, proxy-revalidate, no-transform', pragma: 'no-cache', expires: 'Mon, 08 Aug 2022 10:33:23 GMT', 'access-control-allow-origin': 'http://localhost:5000', 'access-control-allow-credentials': 'true', 'access-control-allow-methods': 'POST, DELETE, PATCH, PUT, GET, OPTIONS', 'access-control-allow-headers': 'Sentry-Trace, Accept, X-Api-Key, X-Amz-Date, X-Amz-Security-Token, X-Amz-User-Agent, X-CSRFToken, X-auth/csrftoken-Translate, Content-Type, Baggage, Authorization', 'access-control-expose-headers': '*', 'access-control-max-age': '600', 'x-content-type-options': 'nosniff', 'strict-transport-security': 'max-age=31536000; includeSubdomains;', 'expect-ct': 'max-age=0', connection: 'close' }, statusCode: 200 } } +17ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
  • 10.3.0
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e144a4170611ed81230242ac12000a', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-GB', cookie: 'vuex-cookie; __cypress.initial=true', referer: 'http://localhost:5001/', 'sec-fetch-dest': 'iframe', 'sec-fetch-mode': 'navigate', 'sec-fetch-site': 'same-site', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'x-cypress-is-aut-frame': 'true' } } } +17ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingRequest existing cookies on request: vuex-cookie; __cypress.initial=true +2ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingRequest Incoming request GET-http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e144a4170611ed81230242ac12000a matches known pre-request: { requestId: '8AA60454BFE37E6CAE56608840A8B23F', method: 'GET', url: 'http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e144a4170611ed81230242ac12000a', headers: { Referer: 'http://localhost:5001/', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' }, resourceType: 'other', originalResourceType: 'Document' } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e144a4170611ed81230242ac12000a', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'accept-encoding': 'gzip', 'accept-language': 'en-GB', cookie: 'vuex-cookie; __cypress.initial=true', referer: 'http://localhost:5001/', 'sec-fetch-dest': 'iframe', 'sec-fetch-mode': 'navigate', 'sec-fetch-site': 'same-site', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' } }, incomingRes: { headers: { server: 'Werkzeug', date: 'Mon, 08 Aug 2022 10:39:36 GMT', 'content-type': 'text/html; charset=utf-8', 'content-length': '251', location: 'http://localhost:5000/', 'cache-control': 'max-age=0, private, no-cache, no-store, must-revalidate, proxy-revalidate, no-transform', pragma: 'no-cache', expires: 'Mon, 08 Aug 2022 10:39:35 GMT', 'access-control-allow-origin': 'http://localhost:5000', 'access-control-allow-credentials': 'true', 'access-control-allow-methods': 'POST, DELETE, PATCH, PUT, GET, OPTIONS', 'access-control-allow-headers': 'Sentry-Trace, Accept, X-Api-Key, X-Amz-Date, X-Amz-Security-Token, X-Amz-User-Agent, X-CSRFToken, Content-Type, Baggage, Authorization', 'access-control-expose-headers': '*', 'access-control-max-age': '600', 'x-content-type-options': 'nosniff', 'strict-transport-security': 'max-age=31536000; includeSubdomains;', 'expect-ct': 'max-age=0', vary: 'Cookie', 'set-cookie': [Array], connection: 'close' }, statusCode: 307 } } +166ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingResponse is cross-origin, delay until cross:origin:release:html event +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingResponse received cross:origin:release:html, let the response proceed +306ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingResponse - full injection +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingResponse injection levels: { isInitial: true, wantsInjection: 'full', wantsSecurityRemoved: false } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=bEIu43GAyKsUF3fN&code=65e1... IncomingResponse redirecting to new url { statusCode: 307, newUrl: 'http://localhost:5000/' } +6ms

  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/csrftoken', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:5000/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-GB', cookie: 'vuex-cookie' } } } +4ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest existing cookies on request: vuex-cookie +2ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest Incoming request GET-http://localhost:5005/auth/csrftoken matches known pre-request: { requestId: '12960.123', method: 'GET', url: 'http://localhost:5005/auth/csrftoken', headers: { Accept: 'application/json', Referer: 'http://localhost:5000/', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' }, resourceType: 'xhr', originalResourceType: 'XHR' } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/csrftoken', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.0 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:5000/', 'accept-encoding': 'gzip', 'accept-language': 'en-GB', cookie: 'vuex-cookie' } }, incomingRes: { headers: { server: 'Werkzeug', date: 'Mon, 08 Aug 2022 10:39:32 GMT', 'content-type': 'application/json', 'content-length': '371', 'cache-control': 'max-age=0, private, no-cache, no-store, must-revalidate, proxy-revalidate, no-transform', pragma: 'no-cache', expires: 'Mon, 08 Aug 2022 10:39:31 GMT', 'access-control-allow-origin': 'http://localhost:5000', 'access-control-allow-credentials': 'true', 'access-control-allow-methods': 'POST, DELETE, PATCH, PUT, GET, OPTIONS', 'access-control-allow-headers': 'Sentry-Trace, Accept, X-Api-Key, X-Amz-Date, X-Amz-Security-Token, X-Amz-User-Agent, X-CSRFToken, Content-Type, Baggage, Authorization', 'access-control-expose-headers': '*', 'access-control-max-age': '600', 'x-content-type-options': 'nosniff', 'strict-transport-security': 'max-age=31536000; includeSubdomains;', 'expect-ct': 'max-age=0', connection: 'close' }, statusCode: 200 } } +17ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
  • 10.3.1
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=71349dcc170811edb1d70242ac12000a', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-GB', cookie: 'vuex-cookie; __cypress.initial=true', referer: 'http://localhost:5001/', 'sec-fetch-dest': 'iframe', 'sec-fetch-mode': 'navigate', 'sec-fetch-site': 'same-site', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.1 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'x-cypress-is-aut-frame': 'true' } } } +18ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingRequest existing cookies on request: vuex-cookie; __cypress.initial=true +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingRequest Incoming request GET-http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=71349dcc170811edb1d70242ac12000a matches known pre-request: { requestId: 'C76DA69C9D6E940BCF7BBEC7B92384E9', method: 'GET', url: 'http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=71349dcc170811edb1d70242ac12000a', headers: { Referer: 'http://localhost:5001/', 'Upgrade-Insecure-Requests': '1', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.1 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' }, resourceType: 'other', originalResourceType: 'Document' } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=71349dcc170811edb1d70242ac12000a', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9', 'accept-encoding': 'gzip', 'accept-language': 'en-GB', cookie: 'vuex-cookie; __cypress.initial=true', referer: 'http://localhost:5001/', 'sec-fetch-dest': 'iframe', 'sec-fetch-mode': 'navigate', 'sec-fetch-site': 'same-site', 'upgrade-insecure-requests': '1', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.1 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' } }, incomingRes: { headers: { server: 'Werkzeug', date: 'Mon, 08 Aug 2022 10:54:14 GMT', 'content-type': 'text/html; charset=utf-8', 'content-length': '251', location: 'http://localhost:5000/', 'cache-control': 'max-age=0, private, no-cache, no-store, must-revalidate, proxy-revalidate, no-transform', pragma: 'no-cache', expires: 'Mon, 08 Aug 2022 10:54:13 GMT', 'access-control-allow-origin': 'http://localhost:5000', 'access-control-allow-credentials': 'true', 'access-control-allow-methods': 'POST, DELETE, PATCH, PUT, GET, OPTIONS', 'access-control-allow-headers': 'Sentry-Trace, Accept, X-Api-Key, X-Amz-Date, X-Amz-Security-Token, X-Amz-User-Agent, X-CSRFToken, Content-Type, Baggage, Authorization', 'access-control-expose-headers': '*', 'access-control-max-age': '600', 'x-content-type-options': 'nosniff', 'strict-transport-security': 'max-age=31536000; includeSubdomains;', 'expect-ct': 'max-age=0', vary: 'Cookie', 'set-cookie': [Array], connection: 'close' }, statusCode: 307 } } +119ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingResponse is cross-origin, delay until cross:origin:release:html event +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingResponse received cross:origin:release:html, let the response proceed +311ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingResponse determine injection +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingResponse - full injection +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingResponse injection levels: { isInitial: true, wantsInjection: 'full', wantsSecurityRemoved: false } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/callback?state=3Bsv8dP2TqftJJRE&code=7134... IncomingResponse redirecting to new url { statusCode: 307, newUrl: 'http://localhost:5000/' } +5ms

  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/csrftoken', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.1 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:5000/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'en-GB', cookie: 'vuex-cookie' } } } +8ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest existing cookies on request: vuex-cookie +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingRequest Incoming request GET-http://localhost:5005/auth/csrftoken matches known pre-request: { requestId: '27788.255', method: 'GET', url: 'http://localhost:5005/auth/csrftoken', headers: { Accept: 'application/json', Referer: 'http://localhost:5000/', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.1 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36' }, resourceType: 'xhr', originalResourceType: 'XHR' } +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:5005/auth/csrftoken', headers: { host: 'localhost:5005', 'proxy-connection': 'keep-alive', accept: 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/10.3.1 Chrome/100.0.4896.160 Electron/18.3.0 Safari/537.36', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:5000/', 'accept-encoding': 'gzip', 'accept-language': 'en-GB', cookie: 'vuex-cookie' } }, incomingRes: { headers: { server: 'Werkzeug', date: 'Mon, 08 Aug 2022 10:54:15 GMT', 'content-type': 'application/json', 'content-length': '371', 'cache-control': 'max-age=0, private, no-cache, no-store, must-revalidate, proxy-revalidate, no-transform', pragma: 'no-cache', expires: 'Mon, 08 Aug 2022 10:54:14 GMT', 'access-control-allow-origin': 'http://localhost:5000', 'access-control-allow-credentials': 'true', 'access-control-allow-methods': 'POST, DELETE, PATCH, PUT, GET, OPTIONS', 'access-control-allow-headers': 'Sentry-Trace, Accept, X-Api-Key, X-Amz-Date, X-Amz-Security-Token, X-Amz-User-Agent, X-CSRFToken, X-auth/csrftoken-Translate, Content-Type, Baggage, Authorization', 'access-control-expose-headers': '*', 'access-control-max-age': '600', 'x-content-type-options': 'nosniff', 'strict-transport-security': 'max-age=31536000; includeSubdomains;', 'expect-ct': 'max-age=0', connection: 'close' }, statusCode: 200 } } +6ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http GET http://localhost:5005/auth/csrftoken IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms

@AtofStryker
Copy link
Contributor

@karlhorky @lehmat thank you both for providing those logs. I think we should have enough information to produce on our end, especially with @karlhorky 's logs containing the failed set cookie due to thinking the request is cross origin, when the cookie really should be set since it is same origin (using the request url and referrer here will be super helpful for us to write a good test)

@cypress-bot cypress-bot bot added stage: routed to e2e-auth and removed stage: investigating Someone from Cypress is looking into this labels Aug 8, 2022
@AtofStryker AtofStryker added topic: cy.origin Problems or enhancements related to cy.origin command E2E-auth topic: cookies 🍪 labels Aug 8, 2022
@AtofStryker AtofStryker removed their assignment Aug 8, 2022
@AtofStryker AtofStryker mentioned this issue Aug 9, 2022
Closed
@karlhorky
Copy link
Contributor

@AtofStryker glad to help! Any ETA yet on when someone will take a look at this?

@AtofStryker
Copy link
Contributor

@karlhorky not yet, but our team is planning tomorrow and this is likely coming up. We have some cookie issues we need to fix with experimentalSessionAndOrigin from 10.4.0.

@silipi
Copy link

silipi commented Aug 16, 2022

@AtofStryker I just find about this issue, then I downgrade to 10.2.0 and it works, my use case is pretty simple.
Do you guys have any ETA to fix this, after the planning you mentioned?

@AtofStryker
Copy link
Contributor

We met today and have the issue in the current sprint (I'm working the ticket). My guess is the fix is in the release in the next few weeks? Will keep you all updated. For now, if 10.2.0 is working for you, I would stay on that and then upgrade after the fix.

@mschile mschile added triage and removed triage labels Aug 18, 2022
@AtofStryker AtofStryker self-assigned this Aug 18, 2022
@AtofStryker AtofStryker linked a pull request Aug 18, 2022 that will close this issue
fix: same site cookie context and duplicate cookies #23438
Merged
4 tasks
@AtofStryker AtofStryker mentioned this issue Aug 18, 2022
Merged
4 tasks
@AtofStryker
Copy link
Contributor

@karlhorky @lehmat can both of you confirm if you have the experimentalSessionAndOrigin flag enabled or disabled? My assumption right now is that @karlhorky has it enabled based on the behavior he saw from 10.3.1 -> 10.4.0 and @lehmat may/may not have it enabled.

@lehmat
Copy link
Author

lehmat commented Aug 18, 2022

experimentalSessionAndOrigin is enabled

@karlhorky
Copy link
Contributor

Same with me, experimentalSessionAndOrigin is enabled - I am using it to store the login session.

@PhilFlash
Copy link

Hi, same problem here.

OK with cypress 10.3.0/10.3.1
Fails with cypress 10.4.0/10.6.0

Environment:
http://localhost:81 Api in PHP
http://localhost:4240 Frontend in Angular
no OAuth flow or iframe or anything
experimentalSessionAndOrigin is enabled

In 10.3.1, session show a cookie (tokenca) and a storage
In 10.4.0; session show a storage (and no cookie)

10.3.1

OPTIONS /cfart-admin-api/authenticate 200 22.444 ms - -
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest proxying request { req: { method: 'POST', proxiedUrl: 'http://localhost:81/cfart-admin-api/authenticate', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'content-length': '87', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: 'ee68390a36b94dc367ae288a928cb7db', 'sec-ch-ua-mobile': '?0', 'content-type': 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' } } } +317ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest existing cookies on request:  +1ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest Incoming request POST-http://localhost:81/cfart-admin-api/authenticate matches known pre-request: { requestId: '96832.134', method: 'POST', url: 'http://localhost:81/cfart-admin-api/authenticate', headers: { 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', 'sec-ch-ua-mobile': '?0', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'Content-Type': 'application/json', Accept: 'application/json, text/plain, */*', Referer: 'http://localhost:4240/', iwkey: 'ee68390a36b94dc367ae288a928cb7db', 'sec-ch-ua-platform': '"Windows"' }, resourceType: 'xhr', originalResourceType: 'XHR' } +1ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse received response { req: { method: 'POST', proxiedUrl: 'http://localhost:81/cfart-admin-api/authenticate', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'content-length': '87', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: 'ee68390a36b94dc367ae288a928cb7db', 'sec-ch-ua-mobile': '?0', 'content-type': 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7', cookie: '' } }, incomingRes: { headers: { date: 'Fri, 19 Aug 2022 17:12:25 GMT', server: 'Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.26 mod_fcgid/2.3.10-dev', 'x-powered-by': 'PHP/7.4.26', 'set-cookie': [Array], 'access-control-allow-origin': 'http://localhost:4240', 'access-control-allow-credentials': 'true', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0', pragma: 'no-cache', 'content-length': '134', 'keep-alive': 'timeout=5, max=99', connection: 'Keep-Alive', 'content-type': 'application/json' }, statusCode: 200 } } +15ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse adding cookie to jar failed: Cookie is SameSite but this is a cross-origin request +1ms
POST /cfart-admin-api/authenticate 200 19.520 ms - -
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest proxying request { req: { method: 'OPTIONS', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', accept: '*/*', 'access-control-request-method': 'GET', 'access-control-request-headers': 'iwkey', origin: 'http://localhost:4240', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'same-site', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' } } } +15ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest existing cookies on request:  +3ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest Incoming request OPTIONS-http://localhost:81/cfart-admin-api/programs matches known pre-request: { requestId: '00147AE2E24DCA53A2E499174F34AD56', method: 'OPTIONS', url: 'http://localhost:81/cfart-admin-api/programs', headers: { Accept: '*/*', 'Access-Control-Request-Headers': 'iwkey', 'Access-Control-Request-Method': 'GET', Origin: 'http://localhost:4240', 'Sec-Fetch-Mode': 'cors', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36' }, resourceType: 'other', originalResourceType: 'Other' } +1ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse received response { req: { method: 'OPTIONS', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', accept: '*/*', 'access-control-request-method': 'GET', 'access-control-request-headers': 'iwkey', origin: 'http://localhost:4240', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'same-site', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7', cookie: '' } }, incomingRes: { headers: { date: 'Fri, 19 Aug 2022 17:12:25 GMT', server: 'Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.26 mod_fcgid/2.3.10-dev', 'x-powered-by': 'PHP/7.4.26', 'access-control-allow-methods': 'GET, POST', 'access-control-allow-headers': 'Content-Type, Accept, iwkey', 'access-control-allow-origin': 'http://localhost:4240', 'access-control-allow-credentials': 'true', 'content-length': '0', 'keep-alive': 'timeout=5, max=98', connection: 'Keep-Alive', 'content-type': 'text/html; charset=UTF-8' }, statusCode: 200 } } +10ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse determine injection +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse - no injection (not html) +1ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
OPTIONS /cfart-admin-api/programs 200 15.671 ms - -
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: '3c880b4826f763901c913ac0e0dacc53', 'sec-ch-ua-mobile': '?0', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7', cookie: 'tokenca=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOjEwMDIsInVzZXJuYW1lIjoiQWRtaW4gQ2F0YWxvZ3VlIiwicm9sZSI6ImNhbXB1cy1hZG1pbiIsImlzcyI6ImNmYXJ0LmNhbXB1c2ZyYW5jZS5vcmciLCJhdWQiOiJjZmFydC5jYW1wdXNmcmFuY2Uub3JnIiwiaWF0IjoxNjYwOTI5MTQ1LCJleHAiOjE2NjA5NDM1NDV9.HY18B74vs91Joxw-om4dd-KstPVpNVhRt6Qc4Vl20kV8nVPnIRrKvhNHQen_8tIqn987b5HhmM-vgNzsBqdKX8ws4Rv7cHJ6yOPl13gVPWmB0d9WBmPZNB0ma54sNeoAhNmkycgAMXEOJY4-ko6oz5pqqoQxNDl__P-7TPCHiDRIFtkRvQb6L1Zhcp13pbvPEo0XdyaYlxGt1QgSHj9Gp-jdD6-MNZ81WLtTqb-ePGMs-xc-5cwWAOrReecVyHwVXVofo8wM4x14d3uaaIa5WDrTQgFI1Usoa4b3Uynl98IcLuZ7oFRqV23Cw3p9BPpr7AD2LtQetgwJotBzW86shQ' } } } +3ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest existing cookies on request: tokenca=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOjEwMDIsInVzZXJuYW1lIjoiQWRtaW4gQ2F0YWxvZ3VlIiwicm9sZSI6ImNhbXB1cy1hZG1pbiIsImlzcyI6ImNmYXJ0LmNhbXB1c2ZyYW5jZS5vcmciLCJhdWQiOiJjZmFydC5jYW1wdXNmcmFuY2Uub3JnIiwiaWF0IjoxNjYwOTI5MTQ1LCJleHAiOjE2NjA5NDM1NDV9.HY18B74vs91Joxw-om4dd-KstPVpNVhRt6Qc4Vl20kV8nVPnIRrKvhNHQen_8tIqn987b5HhmM-vgNzsBqdKX8ws4Rv7cHJ6yOPl13gVPWmB0d9WBmPZNB0ma54sNeoAhNmkycgAMXEOJY4-ko6oz5pqqoQxNDl__P-7TPCHiDRIFtkRvQb6L1Zhcp13pbvPEo0XdyaYlxGt1QgSHj9Gp-jdD6-MNZ81WLtTqb-ePGMs-xc-5cwWAOrReecVyHwVXVofo8wM4x14d3uaaIa5WDrTQgFI1Usoa4b3Uynl98IcLuZ7oFRqV23Cw3p9BPpr7AD2LtQetgwJotBzW86shQ +1ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest Incoming request GET-http://localhost:81/cfart-admin-api/programs matches known pre-request: { requestId: '96832.135', method: 'GET', url: 'http://localhost:81/cfart-admin-api/programs', headers: { 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', Accept: 'application/json, text/plain, */*', Referer: 'http://localhost:4240/', iwkey: '3c880b4826f763901c913ac0e0dacc53', 'sec-ch-ua-mobile': '?0', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"' }, resourceType: 'xhr', originalResourceType: 'XHR' } +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: '3c880b4826f763901c913ac0e0dacc53', 'sec-ch-ua-mobile': '?0', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7', cookie: 'tokenca=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOjEwMDIsInVzZXJuYW1lIjoiQWRtaW4gQ2F0YWxvZ3VlIiwicm9sZSI6ImNhbXB1cy1hZG1pbiIsImlzcyI6ImNmYXJ0LmNhbXB1c2ZyYW5jZS5vcmciLCJhdWQiOiJjZmFydC5jYW1wdXNmcmFuY2Uub3JnIiwiaWF0IjoxNjYwOTI5MTQ1LCJleHAiOjE2NjA5NDM1NDV9.HY18B74vs91Joxw-om4dd-KstPVpNVhRt6Qc4Vl20kV8nVPnIRrKvhNHQen_8tIqn987b5HhmM-vgNzsBqdKX8ws4Rv7cHJ6yOPl13gVPWmB0d9WBmPZNB0ma54sNeoAhNmkycgAMXEOJY4-ko6oz5pqqoQxNDl__P-7TPCHiDRIFtkRvQb6L1Zhcp13pbvPEo0XdyaYlxGt1QgSHj9Gp-jdD6-MNZ81WLtTqb-ePGMs-xc-5cwWAOrReecVyHwVXVofo8wM4x14d3uaaIa5WDrTQgFI1Usoa4b3Uynl98IcLuZ7oFRqV23Cw3p9BPpr7AD2LtQetgwJotBzW86shQ' } }, incomingRes: { headers: { date: 'Fri, 19 Aug 2022 17:12:25 GMT', server: 'Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.26 mod_fcgid/2.3.10-dev', 'x-powered-by': 'PHP/7.4.26', 'access-control-allow-origin': 'http://localhost:4240', 'access-control-allow-credentials': 'true', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0', pragma: 'no-cache', 'keep-alive': 'timeout=5, max=97', connection: 'Keep-Alive', 'transfer-encoding': 'chunked', 'content-type': 'application/json' }, statusCode: 200 } } +57ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
GET /cfart-admin-api/programs 200 60.702 ms - -

10.4.0

OPTIONS /cfart-admin-api/authenticate 200 24.441 ms - -
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest proxying request { req: { method: 'POST', proxiedUrl: 'http://localhost:81/cfart-admin-api/authenticate', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'content-length': '87', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: 'ee68390a36b94dc367ae288a928cb7db', 'sec-ch-ua-mobile': '?0', 'content-type': 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' } } } +319ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest existing cookies on request:  +4ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingRequest Incoming request POST-http://localhost:81/cfart-admin-api/authenticate matches known pre-request: { browserPreRequest: { requestId: '50952.133', method: 'POST', url: 'http://localhost:81/cfart-admin-api/authenticate', headers: { 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', 'sec-ch-ua-mobile': '?0', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'Content-Type': 'application/json', Accept: 'application/json, text/plain, */*', Referer: 'http://localhost:4240/', iwkey: 'ee68390a36b94dc367ae288a928cb7db', 'sec-ch-ua-platform': '"Windows"' }, resourceType: 'xhr', originalResourceType: 'XHR' }, timestamp: 1660928558092 } +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse received response { req: { method: 'POST', proxiedUrl: 'http://localhost:81/cfart-admin-api/authenticate', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'content-length': '87', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: 'ee68390a36b94dc367ae288a928cb7db', 'sec-ch-ua-mobile': '?0', 'content-type': 'application/json', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7', cookie: '' } }, incomingRes: { headers: { date: 'Fri, 19 Aug 2022 17:02:38 GMT', server: 'Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.26 mod_fcgid/2.3.10-dev', 'x-powered-by': 'PHP/7.4.26', 'set-cookie': [Array], 'access-control-allow-origin': 'http://localhost:4240', 'access-control-allow-credentials': 'true', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0', pragma: 'no-cache', 'content-length': '134', 'keep-alive': 'timeout=5, max=99', connection: 'Keep-Alive', 'content-type': 'application/json' }, statusCode: 200 } } +47ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse - no injection (not html) +1ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
  cypress-verbose:proxy:http POST http://localhost:81/cfart-admin-api/authenticate IncomingResponse adding cookie to jar failed: Cookie is SameSite but this is a cross-origin request +2ms
POST /cfart-admin-api/authenticate 200 57.034 ms - -
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest proxying request { req: { method: 'OPTIONS', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', accept: '*/*', 'access-control-request-method': 'GET', 'access-control-request-headers': 'iwkey', origin: 'http://localhost:4240', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'same-site', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' } } } +16ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest existing cookies on request:  +1ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingRequest Incoming request OPTIONS-http://localhost:81/cfart-admin-api/programs matches known pre-request: { browserPreRequest: { requestId: '8F29008517691923F6858B8F1BC0B1E1', method: 'OPTIONS', url: 'http://localhost:81/cfart-admin-api/programs', headers: { Accept: '*/*', 'Access-Control-Request-Headers': 'iwkey', 'Access-Control-Request-Method': 'GET', Origin: 'http://localhost:4240', 'Sec-Fetch-Mode': 'cors', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36' }, resourceType: 'other', originalResourceType: 'Other' }, timestamp: 1660928558818 } +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse received response { req: { method: 'OPTIONS', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', accept: '*/*', 'access-control-request-method': 'GET', 'access-control-request-headers': 'iwkey', origin: 'http://localhost:4240', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-fetch-mode': 'cors', 'sec-fetch-site': 'same-site', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7', cookie: '' } }, incomingRes: { headers: { date: 'Fri, 19 Aug 2022 17:02:38 GMT', server: 'Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.26 mod_fcgid/2.3.10-dev', 'x-powered-by': 'PHP/7.4.26', 'access-control-allow-methods': 'GET, POST', 'access-control-allow-headers': 'Content-Type, Accept, iwkey', 'access-control-allow-origin': 'http://localhost:4240', 'access-control-allow-credentials': 'true', 'content-length': '0', 'keep-alive': 'timeout=5, max=98', connection: 'Keep-Alive', 'content-type': 'text/html; charset=UTF-8' }, statusCode: 200 } } +8ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse determine injection +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http OPTIONS http://localhost:81/cfart-admin-api/programs IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
OPTIONS /cfart-admin-api/programs 200 10.194 ms - -
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest proxying request { req: { method: 'GET', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: '3c880b4826f763901c913ac0e0dacc53', 'sec-ch-ua-mobile': '?0', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip, deflate, br', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7' } } } +4ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest existing cookies on request:  +1ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest add cookies to request:  +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest waiting for prerequest +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingRequest Incoming request GET-http://localhost:81/cfart-admin-api/programs matches known pre-request: { browserPreRequest: { requestId: '50952.134', method: 'GET', url: 'http://localhost:81/cfart-admin-api/programs', headers: { 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', Accept: 'application/json, text/plain, */*', Referer: 'http://localhost:4240/', iwkey: '3c880b4826f763901c913ac0e0dacc53', 'sec-ch-ua-mobile': '?0', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"' }, resourceType: 'xhr', originalResourceType: 'XHR' }, timestamp: 1660928558823 } +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse received response { req: { method: 'GET', proxiedUrl: 'http://localhost:81/cfart-admin-api/programs', headers: { host: 'localhost:81', 'proxy-connection': 'keep-alive', 'sec-ch-ua': '"Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"', accept: 'application/json, text/plain, */*', iwkey: '3c880b4826f763901c913ac0e0dacc53', 'sec-ch-ua-mobile': '?0', 'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36', 'sec-ch-ua-platform': '"Windows"', origin: 'http://localhost:4240', 'sec-fetch-site': 'same-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty', referer: 'http://localhost:4240/', 'accept-encoding': 'gzip', 'accept-language': 'fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7', cookie: '' } }, incomingRes: { headers: { date: 'Fri, 19 Aug 2022 17:02:38 GMT', server: 'Apache/2.4.51 (Win64) OpenSSL/1.1.1l PHP/7.4.26 mod_fcgid/2.3.10-dev', 'x-powered-by': 'PHP/7.4.26', 'access-control-allow-origin': 'http://localhost:4240', 'access-control-allow-credentials': 'true', 'cache-control': 'no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0', pragma: 'no-cache', 'content-length': '32', 'keep-alive': 'timeout=5, max=97', connection: 'Keep-Alive', 'content-type': 'application/json' }, statusCode: 401 } } +8ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse determine injection +1ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse - no injection (not html) +0ms
  cypress-verbose:proxy:http GET http://localhost:81/cfart-admin-api/programs IncomingResponse injection levels: { isInitial: false, wantsInjection: false, wantsSecurityRemoved: false } +0ms
GET /cfart-admin-api/programs 401 10.457 ms - -

@karlhorky
Copy link
Contributor

@AtofStryker any news here? Would love to be able to upgrade Cypress again...!

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Sep 8, 2022

The code for this is done in cypress-io/cypress#23438, but has yet to be released.
We'll update this issue and reference the changelog when it's released.

@AtofStryker
Copy link
Contributor

@karlhorky sorry for the late reply. I was able to merge in #23438 which should alleviate the issues you both were seeing and should be in the next release, which should likely be around Tuesday next week. If for some reason it does not fix your issue, we are doing quite a bit of cookie work for cy.origin, in particular in #23728 to make cookie behavior inside cy.origin a lot more consistent across the board.

@karlhorky
Copy link
Contributor

@AtofStryker ok no worries :)

Do you have a canary or next release published on npm to try out the changes in #23438 early before it will be published next week? I'd like to try it out and offer early feedback before next week.

@AtofStryker
Copy link
Contributor

@AtofStryker ok no worries :)

Do you have a canary or next release published on npm to try out the changes in #23438 early before it will be published next week? I'd like to try it out and offer early feedback before next week.

@karlhorky unfortunately we do not have a prerelease available with these changes yet, but the release should be available as early as Tuesday. If you are really eager to try it out, you could clone cypress and checkout develop, run yarn, and run cypress globally from the root directory with yarn cypress:open --config experimentalSessionAndOrigin=true or pass in your config file path, then add in the project directory.

@cypress-bot
Copy link
Contributor

cypress-bot bot commented Sep 13, 2022

Released in 10.8.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v10.8.0, please open a new issue.

@cypress-bot cypress-bot bot locked as resolved and limited conversation to collaborators Sep 13, 2022
@AtofStryker
Copy link
Contributor

@karlhorky @lehmat @PhilFlash changes should be released in 10.8.0 that hopefully fix this issue. can you upgrade and confirm? If the issue isn't fixed I can reopen if needed.

@cypress-io cypress-io unlocked this conversation Sep 13, 2022
@karlhorky
Copy link
Contributor

karlhorky commented Sep 13, 2022
edited
Loading

I've upgraded to 10.8.0 and the broken behavior seems to be resolved.

I have another issue, but I believe it is unrelated: a cy.contains() command which is in the test code near the top of an it() block runs at a completely different part of the test, where there is no cy.contains() 🤔

@AtofStryker
Copy link
Contributor

I've upgraded and the broken behavior seems to be resolved.

yay! That's great to hear.

I have another issue, but I believe it is unrelated: a cy.contains() command which is in the test code near the top of an it() block runs at a completely different part of the test, where there is no cy.contains() 🤔

Now that's not so great to hear 😢 . 99% likely unrelated as most the cookie work was done in the proxy server. Are you able to open an issue about the behavior you are seeing with cy.contains?

@karlhorky
Copy link
Contributor

karlhorky commented Sep 13, 2022
edited
Loading

I'm thinking that maybe it's re-querying an alias, wonder if it's a regression / new behavior introduced by #23652.

Edit: Maybe it's actually exposing a bug that was never shown before in our tests - one of our aliases is getting requeried on a page that didn't actually have the root element haha. So it looks like it may be our own error here. Sorry for the noise!

@AtofStryker
Copy link
Contributor

No worries at all. If you run into any problems, don't hesitate to open a new issue!

@PhilFlash
Copy link

For me, all is ok with 10.8.0. Thanks

@lehmat
Copy link
Author

lehmat commented Sep 15, 2022

10.8.0 works perfect for me too

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AtofStryker AtofStryker

Labels
topic: cookies 🍪 topic: cy.origin Problems or enhancements related to cy.origin command type: bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: same site cookie context and duplicate cookies cypress-io/cypress
7 participants
@nagash77 @karlhorky @mschile @AtofStryker @PhilFlash @lehmat @silipi