* chore: set up instrumentation and instrument middleware
* chore: set up console exporter
* chore: add parent span option to telemetry package
* chore: set up telemetry verbose mode
* chore: instrument the network proxy - part 1
* chore: make sure to terminate spans when request is aborted
* fix telemetry, create/end the request middle prior to sending the outbound request
* avoid telemetry ts build step, create entrypoint into packages/telemetry using TS conventions
* allow env vars to be "true" or "1"
* when creating child span, inherit their attributes directly from the parent
* create custom honeycomb exporter and span processor to log traces
* remove duplicate code that's already called in this.setRootContext
* cleanup
* more clean up
* update honeycomb network:proxy attributes, update console.log message
* yarn lock
* chore: remove performance API in middleware
* chore: end response on correct event
* recursively gather parent attributes on close
* added key and some clean up
* github action detector, move verbose into index, verbose log commands
* some tests
* clean up honeycomb exporter
* some renaming
* testing console trace link exporter
* Don't lose the top span when running in verbose.
* link to the right place for prod/dev
* changes to verbose to make sure it is read in the browser
* Apply suggestions from code review
* pass parent attributes between telemetry instances
* default to false
* 'fix' build issues
* src not dist
* add back on start span
* once more with feeling
* Fix some tests
* try this i guess
* revert auto build
* Apply suggestions from code review
Co-authored-by: Bill Glesias <bglesias@gmail.com>
* support failed commands
* Address PR comments
* Address PR Comments
* error handling
* handle all the errors
---------
Co-authored-by: Bill Glesias <bglesias@gmail.com>
Co-authored-by: Brian Mann <brian.mann86@gmail.com>
* begin setting log with the backend
* revert backend changes
* update interface now that we are only doing static log
* change existing logging logic to run in proxy layer instead
* add tests, fix small bugs
run ci
* fix tests
* add changelog
* run ci
* run ci
* fix cl
run ci
* Update cli/CHANGELOG.md
---------
Co-authored-by: Matt Henkes <mjhenkes@gmail.com>
* feat: set up experimentalUseDefaultDocumentDomain to disallow document.domain overwritting
* use default domain around experimentalUseDefaultDocumentDomain in main iframe and spec bridge iframes. Also adapt CORS policy to use same-origin if experimental flag is set
* run ci
* fix: add insertion of experimental flag where is was needed/missing
* chore: add system test to exercise experimental flag for expected behavior
* fix: fix issues with template updates to conform to squirrelly v7
* fix: update config tests to include new experimental flag
* run ci
* fix: trailing whitespace [run ci]
* chore: update snapshot
* run ci
* fix: update proxy unit tests to account for experimentalUseDefaultDocumentDomain
* run ci
* fix: Allow component tests with special characters in filepath (#25299)
feat: cut over experimental flag to take list of known problematic domains via string/glob pattern
run ci
chore: update system test and fix broken config
* fix: fix server unit and integration tests. integration tests should no longer use google to test against injection as we do not inject document.domain on google domains
* run ci
* run ci
* fix: server integration tests where google documents are expected to receive document.domain injection. Kept test same by changing URL
* run ci
* fix: update server test with mssing unupdated assertions
* run ci
* fix: turn off experimental flag by default while recommending sane defaults to users to configure
* run ci
* chore: fix typings [run ci]
* run ci
* chore: make experiment an e2e option only
* run ci
* chore: address comments in code review
* chore: rename experimentalUseDefaultDocumentDomain to experimentalSkipDomainInjection
* fix regression in shouldInjectionDocumentDomain utility function and add unit tests
* run ci
* chore: rename documentSuperDomainIfExists to superDomain [run ci]
* chore: address comments from code review
* chore: just pass opts through to policyForDomain
* run ci
Co-authored-by: Mike Plummer <mike-plummer@users.noreply.github.com>
* fix: throw error if the cy.origin origin is in the same superDomainOrigin as top.
* testing test tweaks
* 'fix' cypress in cypress tests
* Inject cross origin in google subdomains when not same-origin
* style tweaks
* Ensure strict same-origin check works for google.
* test fixes
* we don't need the location object when we just want the href.
* what is in a name?
* Address PR Comments
* chore: enforce strict origin spec bridges
chore: refactor spec bridges to strictly enforce same origin
fix: wrap fullCrossOrigin injection around feature flag inside buffered response
* fix: do NOT set the initial cypress cookie inside the spec bridge as it is sending unecessary cookies
* chore: simplify the finding cypress in the injection code
* chore: change order in which callback fn is declared
* chore: add spec bridge performance issue to validation tests
* chore: add documentation to CDP,electron, and web extension for selected resource types
* chore: change nomenclature of X-Cypress-Request to X-Cypress-Is-XHR-Or-Fetch
* chore: remove no longer applicable comment for socket code
* chore: add comments to the resourceType/credential manager
* test: add correct cookie_behavior assertions before work on server
(currently failing)
* chore: add types needed in the socket and middlewares
* feat: add socket code to server-base (no tests here) to be used in request/response middleware
* feat: fill out the ExtractCypressMetadataHeaders implementation
* feat: add attach cookie logic to requests based on xhr/fetch requests
* feat: add attaching cookies to response logic w/ tests
* Update packages/proxy/lib/http/request-middleware.ts
Co-authored-by: Matt Henkes <mjhenkes@gmail.com>
Co-authored-by: Matt Henkes <mjhenkes@gmail.com>
* chore: remove cannot_visit_previous_origin error message as it is no longer used
* fix: wrap MaybeEndRequestWithBufferedResponse fullCrossOrigin check around feature flag
* feat: add X-Cypress-Request header in extension
* feat: add X-Cypress-Request header in CDP
* feat: add X-Cypress-Request header in electron
* feat: add ExtractRequestedWithAndCredentialsIfApplicable middleware stub to remove the newly added x-cypress-request header
* chore: change defaultHeaders variable name to requestModifications to more accurately reflect usage
* chore: condense ExtractIsAUTFrameHeader and ExtractRequestedWithAndCredentialsIfApplicable into ExtractCypressMetadataHeaders middleware
* test: add anti assertion for x-cypress-request and remove setting request verbage (as it does nothing yet)
* test: refactor and add tests in the cors package
* fix: add areUrlsSameSite method to cookies package and fix
sameSiteContext calculation method and add tests
* fix: always use Set-Cookie optimistically whether or not we keep track of the cookie or not in the server side cookie jar
* chore: add failing unit tests for postpending cookies
* chore: add tough cookie integration tests to verify we append cookies appropriately to request header Cookie
* fix: do not duplicate cookies in request if existing in the cookie jar. Add additional tests to verify expected behavior
* test: add cookie behavior tests that document current expected behavior vs what spec behavior should/will be
* test: add misc tests that check for cookie order
* chore: update debug logs in request to discern cookies
* test: fix assertions in firefox as same-site cookies are actually set correctly
* fix test incorrect assertions. cookies currently exist in primary that are same-site regardless of browser
* skip SameSite=none test in firefox as we currently low insecure samesite none cookies in firefox
* chore: apply suggestions from code review
* chore: change expects to expect
* chore: add documentation for why we need an additional HTTPS port
* remove X-Set-Cookie fixmes
* chore: [Multi-domain] Rename isMultiDomain for the driver and the server
* A couple more changes
* Update packages/driver/src/cy/commands/navigation.ts
Co-authored-by: Matt Schile <mschile@gmail.com>
Co-authored-by: Matt Schile <mschile@gmail.com>
* chore: use import type across repo
* chore: use import type across repo
* chore: use import type across repo
* chore: use import type across repo
* update exports
* update test
* update import type
* update types
* use import type in driver
* correctly export function
* revert test
* remove unrelated code
* revert code
* improve type imports
* override for reporter
* force websockets transport
* wip: ensure ws connections take place thru a known socket
* clean up yesterday's work
* remove dead code (request is undefined)
* update websocket tests
* add websocket tests
* update socket + server specs
* add token auth for file_server
* Fix cy.visit file_server
* restrict non-proxied URLs, serve error on runner URL non-proxied
* add e2e test for server splash page
* fix types
* use clientRoute, fix tests
* only run 6_non_proxied in electron
* use browser.path
* improve empty options type
* add ws assertions in e2e tests
* fix server_spec
* refactor socket whitelisting logic
* update server_spec
* respond to PR feedback
- added tests for non-clientRoute redirecting to clientRoute when not behind proxy
- cleaned up comments
- cleaned up logic in server.coffee
- moved error html to own file
- added unit test for socket whitelist + fixed removal bug
* renames
* Refactor proxy into own package, implement middleware pattern
don't need these mocha opts anymore
fix test
no more zunder
READMEs
fix test
* pass request by reference
* fix cors path
* Move replace_stream to proxy, concat-stream util in network
* Pin dependency versions
* Revert addDefaultPort behavior
* Add READMEs for proxy, network
* Update README.md
* eslint --fix
* set to null not undefined
* use delete and bump node types
* import cors from package now
* parse-domain@2.3.4
* proxy package needs common-tags
* move pumpify dep
* load through where it's needed, remove unused passthru_stream
* remove unneeded getbuffer call
Co-authored-by: Gleb Bahmutov <gleb.bahmutov@gmail.com>
Matt Schile