feat: experimental skip domain injection (#25307)

* feat: set up experimentalUseDefaultDocumentDomain to disallow document.domain overwritting

* use default domain around experimentalUseDefaultDocumentDomain in main iframe and spec bridge iframes. Also adapt CORS policy to use same-origin if experimental flag is set

* run ci

* fix: add insertion of experimental flag where is was needed/missing

* chore: add system test to exercise experimental flag for expected behavior

* fix: fix issues with template updates to conform to squirrelly v7

* fix: update config tests to include new experimental flag

* run ci

* fix: trailing whitespace [run ci]

* chore: update snapshot

* run ci

* fix: update proxy unit tests to account for experimentalUseDefaultDocumentDomain

* run ci

* fix: Allow component tests with special characters in filepath (#25299)

feat: cut over experimental flag to take list of known problematic domains via string/glob pattern

run ci

chore: update system test and fix broken config

* fix: fix server unit and integration tests. integration tests should no longer use google to test against injection as we do not inject document.domain on google domains

* run ci

* run ci

* fix: server integration tests where google documents are expected to receive document.domain injection. Kept test same by changing URL

* run ci

* fix: update server test with mssing unupdated assertions

* run ci

* fix: turn off experimental flag by default while recommending sane defaults to users to configure

* run ci

* chore: fix typings [run ci]

* run ci

* chore: make experiment an e2e option only

* run ci

* chore: address comments in code review

* chore: rename experimentalUseDefaultDocumentDomain to experimentalSkipDomainInjection

* fix regression in shouldInjectionDocumentDomain utility function and add unit tests

* run ci

* chore: rename documentSuperDomainIfExists to superDomain [run ci]

* chore: address comments from code review

* chore: just pass opts through to policyForDomain

* run ci

Co-authored-by: Mike Plummer <mike-plummer@users.noreply.github.com>

cli/types/cypress.d.ts

@@ -3019,6 +3019,16 @@ declare namespace Cypress {
      * @see https://on.cypress.io/configuration#experimentalModifyObstructiveThirdPartyCode
      */
     experimentalModifyObstructiveThirdPartyCode: boolean
+    /**
+     * Disables setting document.domain to the applications super domain on injection.
+     * This experiment is to be used for sites that do not work with setting document.domain
+     * due to cross-origin issues. Enabling this option no longer allows for default subdomain
+     * navigations, and will require the use of cy.origin(). This option takes an array of
+     * strings/string globs.
+     * @see https://developer.mozilla.org/en-US/docs/Web/API/Document/domain
+     * @default null
+     */
+    experimentalSkipDomainInjection: string[] | null
     /**
      * Enables AST-based JS/HTML rewriting. This may fix issues caused by the existing regex-based JS/HTML replacement algorithm.
      * @default false