* chore: update tough-cookie from 4.0.0 to 4.1.3. requires v8 snapshot update
* fix: tough-cookie as of 4.1 doesn't default sameSite undefined to none any longer. However, we want to set sameSite === undefined to lax as the default as this is the case in every standard browser, except firefox. We did this previously and this is behavior we want to continue to preserve, even for security reasons
* chore: update v8 snapshots
* fix issue with global toString
* chore: run ci
* chore: update @cypress/request to 2.88.22 and @cypress/request-promise to 4.2.7 [run ci]
* remove jsdom and start-server-and-test
* revert @cypress/request back to 2.88.12
* update changelog entry
* remove unneeded deps
---------
Co-authored-by: Bill Glesias <bglesias@gmail.com>
Co-authored-by: Ryan Manuel <ryanm@cypress.io>
* feat: set up experimentalUseDefaultDocumentDomain to disallow document.domain overwriting
* use default domain around experimentalUseDefaultDocumentDomain in main iframe and spec bridge iframes. Also adapt CORS policy to use same-origin if experimental flag is set
* run ci
* fix: add insertion of experimental flag where it was needed/missing
* chore: add system test to exercise experimental flag for expected behavior
* fix: fix issues with template updates to conform to squirrelly v7
* fix: update config tests to include new experimental flag
* run ci
* fix: trailing whitespace [run ci]
* chore: update snapshot
* run ci
* fix: update proxy unit tests to account for experimentalUseDefaultDocumentDomain
* run ci
* fix: Allow component tests with special characters in filepath (#25299)
feat: cut over experimental flag to take list of known problematic domains via string/glob pattern
run ci
chore: update system test and fix broken config
* fix: fix server unit and integration tests. integration tests should no longer use google to test against injection as we do not inject document.domain on google domains
* run ci
* run ci
* fix: server integration tests where google documents are expected to receive document.domain injection. Kept test same by changing URL
* run ci
* fix: update server test with missing unupdated assertions
* run ci
* fix: turn off experimental flag by default while recommending sane defaults to users to configure
* run ci
* chore: fix typings [run ci]
* run ci
* chore: make experiment an e2e option only
* run ci
* chore: address comments in code review
* chore: rename experimentalUseDefaultDocumentDomain to experimentalSkipDomainInjection
* fix regression in shouldInjectionDocumentDomain utility function and add unit tests
* run ci
* chore: rename documentSuperDomainIfExists to superDomain [run ci]
* chore: address comments from code review
* chore: just pass opts through to policyForDomain
* run ci
Co-authored-by: Mike Plummer <mike-plummer@users.noreply.github.com>
* fix: Improve TypeScript support for custom queries
* Typo fix
* Fix TS more
* Move 'ensures' off of cy and onto Cypress
* Type fixes
* One missed replacement
* Test fixes
* Properly pass in to ensureRunnable
* Add .eslintignores to quiet down warnings
* Review feedback
* Update cli/types/cypress.d.ts
Co-authored-by: Emily Rohrbough <emilyrohrbough@users.noreply.github.com>
* fix: throw error if the cy.origin origin is in the same superDomainOrigin as top.
* testing test tweaks
* 'fix' cypress in cypress tests
* Inject cross origin in google subdomains when not same-origin
* style tweaks
* Ensure strict same-origin check works for google.
* test fixes
* we don't need the location object when we just want the href.
* what is in a name?
* Address PR Comments
* chore: enforce strict origin spec bridges
chore: refactor spec bridges to strictly enforce same origin
fix: wrap fullCrossOrigin injection around feature flag inside buffered response
* fix: do NOT set the initial cypress cookie inside the spec bridge as it is sending unnecessary cookies
* chore: simplify the finding cypress in the injection code
* chore: change order in which callback fn is declared
* chore: add spec bridge performance issue to validation tests
* chore: refactor originPolicy to use superDomainOriginPolicy nomenclature and add sameSite/superDomainOrigin policy functions and make originMatch functions match fully same origin policy including sub domains
* chore: change doesAutMatchTopSuperOriginPolicy to doesAUTMatchTopSuperDomainOriginPolicy
* chore: rename originPolicy references to just be origin. Rename superDomainOriginPolicy to superDomainOrigin
* fix: remove duplicate origin keys and add check for remote.origin to return null
* chore: further rename variables to fit origin paradigm
* chore: remove latestActiveSuperDomainOrigin as it is no longer used
* fix: key order in consoleProps yielded test
* remove isAnticipatingCrossOriginResponse as it is no longer available
* chore: update documentation to urlMatchesSameSiteProps to show why the strictPortMatch is an option
* chore: refactor cors package to use a single parse function and update unit tests
* chore: refactor getOrigin to use url origin
* chore: update same-site documentation to now be dependent on cookies
* chore: update same-site policy to be schemeful-same-site policy as we consider protocol mismatches to be not same-site
* test: refactor and add tests in the cors package
* fix: add areUrlsSameSite method to cookies package and fix sameSiteContext calculation method and add tests
* fix: always use Set-Cookie optimistically whether or not we keep track of the cookie or not in the server side cookie jar
* chore: add failing unit tests for postpending cookies
* chore: add tough cookie integration tests to verify we append cookies appropriately to request header Cookie
* fix: do not duplicate cookies in request if existing in the cookie jar. Add additional tests to verify expected behavior
* test: add cookie behavior tests that document current expected behavior vs what spec behavior should/will be
* test: add misc tests that check for cookie order
* chore: update debug logs in request to discern cookies
* test: fix assertions in firefox as same-site cookies are actually set correctly
* fix test incorrect assertions. cookies currently exist in primary that are same-site regardless of browser
* skip SameSite=none test in firefox as we currently low insecure samesite none cookies in firefox
* chore: apply suggestions from code review
* chore: change expects to expect
* chore: add documentation for why we need an additional HTTPS port
* remove X-Set-Cookie fixmes
* fix: use graceful-fs always, warn in development on sync calls
* skip prop linting in some dirs
* eslint rules
* use AST-based lint rule instead
* comment
* ignore existsSync
* run without nextTick
* remove dev warning code
* fix order
* register TS first
* fix tests
* fix test
* cover new call site
* fix new test
* add generic to cy.origin type
* fix log type, update/add comments
* fix comment indentation
* specific generic
* move RemoteState to internal types
* add on links to experimental flag descriptions
* chore: reduce nesting by flipping condition
* fix test title
* simplify failing log
* rename variable
* delete error property
* fix types
* fix type
* remove unnecessary todo
* update wait test
* jquery -> this
* update comment
* remove vestigial autoRun
* use finally
* re-throw non-security errors
* move back getting index
* add new state types
* remove unnecessary export
* startsWith -> includes
* it -> them
* update system test
* remove use of promise constructor
* Revert "remove use of promise constructor"
This reverts commit 35ccc28b6f.
* log errors from Page.getFrameTree
* test if anything breaks when removing optional chaining operator
* remove vestigial file
* handle queue ending in cross-origin driver
* fix coordinates spec
* improve chrome/firefox check in extension
* improve secure cookie regex
* use production mode for cross-origin driver bundle
* adding remoteStates.getPrimary
* catch and ignore queue errors
* remove optional chaining in postMessage handler
* removed unnecessary async
* update frame tree on cri client reconnect
* fix formatting
* renaming remoteStates variable
* prevent requests from being paused if experimentalSessionAndOrigin flag is off
Co-authored-by: Matt Schile <mschile@cypress.io>
* develop: (35 commits)
fix(deps): update dependency url-parse to v1.5.6 [security] (#20270)
chore: fix cache keys to include PLATFORM (#20279)
chore: fix server performance flake (#20271)
test(system-tests): support docker-based tests against built binary (#20250)
chore: fix system-test-firefox screenshots_spec flake (#20268)
chore(deps): update dependency fs-extra to v9 🌟 (#19939)
fix: Wait for child process to be ready (#19792)
fix: treat form-data bodies as binary (#20144)
test: replace cypress-test-example-repos coverage + remove bump (#20186)
fix(driver): update wrapErr to ignore number and boolean values (#20172)
release 9.5.0 [skip ci]
chore: Update Chrome (stable) to 98.0.4758.102 (#20192)
chore: enable volar.takeOverMode
Add span names, merge develop
fix: Update `.type(' ')` to not emit clicks when the keyup event has been prevented (#20156)
test: remove redundant "other projects" CI jobs (#20133)
chore(driver): move cy.focused and cy.root into their own files (#20054)
Move sending root event to own script
chore: release @cypress/vue-v3.1.1
chore: release @cypress/react-v5.12.3
...