-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid creating cookie prepended with dot ('.') #25174
Comments
Similar issue with a go-based-backend. The cypress intervention (likely by using |
Hi @olivierboudet . Thank you for opening an issue. Would you or @verheyenkoen be able to help provide me with a repro? I have an old reproduction repository I used for #22282 but that is only using |
@AtofStryker Yes, the cookies are duplicated with one of the domains being dot-prefixed. Not sure but could have to do with the This means you don't need a reproduction repo anymore? |
@verheyenkoen If the screenshot is the identical issue I don't think we need an additional reproduction, but can use the #22282 reproduction with Cypress 12. @olivierboudet however it sounds like your issue might be slightly different. A reproduction would likely be useful here, but if not We can likely go off the salesforce reproduction I have |
I've seen similar issues on our solution. This is a Rack (ruby) based application. So far we have only observed this in tests which use multiple domains. We actually have a test failure there, where a cookie does not get stored, even though present in the cookie headers. (We have had no time to file a decent bug report on this yet.) I think both issues may be related to the changes introduced in Cypress 12. If I understand correctly quite some work was done to make cross-domain tests work better. |
Yes, we saw the issue just after upgraded to cypress 12 (from cypress 10) |
May also be related to #25205 |
@AtofStryker Looks like the same issue indeed. In our case it were new tests so can't say if this "bug" is new to Cypress 12 but our test case is also touching multiple subdomains. |
We did significant cookie work for Cypress 12, including introducing new cookie commands and behaviors. My guess is this is an unintended side effect of those changes. Hopefully we can investigate soon! |
We have the same problem since updating to Cypress 12.
I hope this bug will be resolved soon. This workaround is far from ideal. |
The same behavior for us. |
Clearing all cookies does not work for us either. You need to specify which cookie to delete and do at the same step as your app under test will delete the corresponding cookie without the dot ".". |
I've written a reproduction case here: https://github.com/valscion/cypress-cookie-issue-reproduction The branch with Cypress v11.2.0 is passing: while the In that reproduction repository, we can see that we have two cookies being set with Cypress v12 where as v11.2 didn't set them. What's strange about the v12 behavior is that I needed to add a small timeout before reading Cypress v12.3.0Cypress v11.2.0Manual steps |
@valscion Great effort, well done! |
Regarding this section from the comment by @verheyenkoen in #25174 (comment):
I was able to get the same broken behavior both with |
More on our context — we're upgrading from Cypress v11.2.0 to v12 and now we have a test where a message that should be shown using Ruby on Rails' Flash messages functionality that in our case works with special cookies. However, with v12, we spot that there exists two cookies in the Cypress test, where now the one with the dot prefix is being used and the flash message is not being rendered as the application would render when not ran with Cypress: This causes our test to fail because the UI isn't showing the "Reply sent!" message as we'd expect to happen. Right now this is blocking us from upgrading to Cypress v12 as I can't think of a workaround for this situation. |
Is there anything I could do to help with this issue? This is blocking us from upgrading to Cypress 12.x right now. |
Hi @valscion. We are planning to start looking at this issue next sprint (in around 2ish weeks). If you want to get started early though, you might be able to debug some of the cookie code. My guess is it may not be the CDP Automation code as if I remember correctly this also happens in Firefox. I wonder if parsing the cookies on server has a different domain and sets them twice. These are all guesses as I haven't had time to look into the code in depth, but they might be great places to start! |
Cool, thanks for the pointers! Let's see if I can figure out any extra details |
I'd like to add a couple of cents too: In my case, I have to delete both cookies before any move, as otherwise, I still have the mismatch issue. |
Yes I was able to verify with my reproduction repository that this also happens with Firefox: I updated the Cypress v11.2.0 baseline test to also run with Firefox and that also passes with Firefox: |
It looks like the issue is indeed somewhere in the CDP Automation code. These parts seem suspicious to me: cypress/packages/server/lib/browsers/cdp_automation.ts Lines 49 to 58 in c2e7b60
Called in many places, one of them being here: cypress/packages/server/lib/browsers/cdp_automation.ts Lines 60 to 69 in c2e7b60
I tried to follow the code path on how we'd end up in those places but I didn't get that far. I also didn't have time today to figure out how I could try changing some code inside Cypress CDP Automation parts and then check if they'd fix my issue. I described my journey here as well as added logs of things that seems to be suspicious to me: https://gist.github.com/valscion/d4f0bf080598d42603f807fba87b8b3a |
Hi, we have same issues with Laravel and |
OK so I had some time to actually dig into this today and figure out what is going on. From what I can see, this is what is causing these duplicate cookies to show up with a prepended dot in the domain. But first, its probably good to document this cookie workflow for what is/supposed to happen in Cypress 12:
This is a pretty complex workflow that takes a bit to put together, but it's not entirely necessary to understanding the problem. So what is actually happening? From what I can see, some of the cookies we are setting in the server side cookie jar are actually cookies that requests have the ability to set in the browser, either through This explains why the regression appeared in v12, and is happening for those who do not even use I am still thinking of solutions, but one way we might be able to fix this is to be a bit smarter about what cookies we set in the serverside cookie jar, filtering out any values we know will actually be set by the browser to avoid any type of duplication or side effects. I don't think this solution is super involved and is something we can unit test fairly easily, |
Wow thanks for the explanation @AtofStryker, this functionality is quite interesting indeed! Let me know if you need help with verifying some fixes or change ideas and I can take them for a spin also in our actual application and not just the reproduction repository.
Would it be useful if I test this out myself? |
@valscion I would say so just to confirm the duplicate cookie issues resolve. Others can also feel free to try it! |
Seems to be related to #25205 |
Anyone willing to try this binary to see if it resolves the prepended dot issues? |
I tested the I removed the code block with the |
This should be making it in today or tomorrow with 12.6.1. Hang tight! |
I also verified that this binary did fix my reproduction repository locally: https://github.com/valscion/cypress-cookie-issue-reproduction |
Any update on this patch? Just upgraded from v10 only to be scuppered by this issue. |
@ankorstore-haddowg Our patch release was delayed with an unknown ETA. My best guess at the moment is we will be releasing this week, if not worse case a week from today. |
Released in This comment thread has been locked. If you are still experiencing this issue after upgrading to |
Current behavior
First, i have to tell that I am testing a company internal SSO implementation (based on Keycloak). I saw this comment (#1342 (comment)) on another issue which tells to test SSO with
cy.request
to simulate the authentication flow. In our case, we precisely want to test the flow, involving usage of multiple cookies with different domains, all set by Keycloak, not bycy.setCookie()
.Current behavior:
When user is authenticated, Keycloak sets some cookies but cypress duplicates them with domain prefixed by a dot.
In the cypress console, we can see cookies set by cypress:
Keycloak set this one in the server response:
Desired behavior
Cypress should allow to disable the automatic creation of new cookies prefixed by a dot.
At least, the value should not be empty.
Test code to reproduce
Too difficult to provide here, it needs a full setup of Keycloak with multiple applications to test SSO.
This issue is already detailed in other issues :
We have found a workaround which is to manually remove all cookies automatically set by Cypress, which is a very dirty hack:
Cypress Version
12.1.0
Node version
14.18.0
Operating System
Ubuntu 20.04
Debug Logs
No response
Other
No response
The text was updated successfully, but these errors were encountered: