mirror of https://github.com/cypress-io/cypress.git synced 2026-01-23 23:49:05 -06:00

Files

Preston Goforth 71c5b864ea feat: Selective CSP header stripping from HTTPResponse (#26483 )

* feat: Selective CSP header directive stripping from HTTPResponse
- uses `stripCspDirectives` config option

* feat: Selective CSP header directive permission from HTTPResponse
- uses `experimentalCspAllowList` config option

* Address Review Comments:
- Add i18n for `experimentalCspAllowList`
- Remove PR link in changelog
- Fix docs link in changelog
- Remove extra typedef additions
- Update validation error message and snapshot
- Fix middleware negated conditional

* chore: refactor driver test into system tests to get better test
coverage on experimentalCspAllowList options

* Address Review Comments:
- Remove legacyOption for `experimentalCspAllowList`
- Update App desc for `experimentalCspAllowList` to include "Content-Security-Policy-Report-Only"
- Modify CHANGELOG wording
- Specify “never” overrideLevel
- Remove unused validator (+2 squashed commits)
- Add "Addresses" note in CHANGELOG to satisfy automation
- Set `canUpdateDuringTestTime` to `false` to prevent confusion

* chore: Add `frame-src` and `child-src` to conditional CSP directives

* chore: Rename `isSubsetOf` to `isArrayIncludingAny`

* chore: fix CLI linting types

* chore: fix server unit tests

* chore: fix system tests within firefox and webkit

* chore: add form-action test

* chore: update system test snapshots

* chore: skip tests in webkit due to form-action flakiness

* chore: Move 'sandbox' and 'navigate-to' into `unsupportedCSPDirectives`
- Add additional system tests
- Update snapshots and unit test

* chore: update system test snapshots

* chore: fix system tests

* chore: do not run csp tests within firefox or webkit due to flake issues in CI

* chore: attempt to increase intercept delay to avoid race condition

* chore: update new snapshots with video defaults work

* chore: update changelog

---------

Co-authored-by: Bill Glesias <bglesias@gmail.com>
Co-authored-by: Matt Schile <mschile@cypress.io>

2023-06-14 14:54:52 -05:00

lib

feat: Selective CSP header stripping from HTTPResponse (#26483 )

2023-06-14 14:54:52 -05:00

test

feat: Selective CSP header stripping from HTTPResponse (#26483 )

2023-06-14 14:54:52 -05:00

.eslintignore

feat: Create public Cypress.ensure API for use with custom queries (#24697 )

2022-11-29 09:34:34 -06:00

index.js

Better handle reserved key CYPRESS_ENV being set by users to va… (#6437 )

2020-03-06 16:53:48 +06:30

package.json

chore: list rimraf dev-dependency once in repo (#26257 )

2023-03-28 20:49:09 -05:00

README.md

chore(proxy): improve debug log experience (#21489 )

2022-05-16 21:35:31 +00:00

tsconfig.json

…

README.md

proxy

This package contains the code for Cypress's HTTP interception proxy.

HTTP interception

./lib/http contains the code that intercepts HTTP requests. The bulk of the proxy's behavior is in three files:

request-middleware.ts contains code that manipulates HTTP requests from the browser
response-middleware.ts contains code that manipulates HTTP responses to the browser
error-middleware.ts handles errors that occur in the request/response cycle

Building

Note: you should not ever need to build the .js files manually. @packages/ts provides require-time transpilation when in development.

yarn workspace @packages/proxy build-prod

Testing

Tests are located in ./test

To run tests:

yarn workspace @packages/proxy test

Additionally, the server package contains tests that use the proxy.

Debug Logs

High level logs are available in the DEBUG=cypress:proxy:* namespace.

Detailed per-request logs are available in DEBUG=cypress-verbose:proxy:http.