Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chromeWebSecurity workaround for Cross origin errors no longer working. #1951

Closed
jjp390 opened this issue Jun 14, 2018 · 27 comments · Fixed by #2077
Closed

chromeWebSecurity workaround for Cross origin errors no longer working. #1951

jjp390 opened this issue Jun 14, 2018 · 27 comments · Fixed by #2077
Milestone

Comments

@jjp390
Copy link

jjp390 commented Jun 14, 2018

Current behavior:

Using { "chromeWebSecurity": false } is not being respected when the test is running since the upgrade from Chrome 66 -> 67.

CypressError: Cypress detected a cross origin error happened on page load:

  Blocked a frame with origin "url" from accessing a cross-origin frame.

Before the page load, you were bound to the origin policy:
  url2

Desired behavior:

Previously the bypass would allow the test to run and pass over the error

Steps to reproduce:

https://github.com/jjp390/cypress-test-tiny
From here, run npx cypress open and then run the test spec.js and it will throw the error at the end despite the added file in cypress.json

Versions

Cypress 3.0.1, OSX 10.13.5, Chrome 67

@konrad-arena
Copy link

chrome 69 (unstable) seems to be fine

@poornimachinnaraj
Copy link

Is there any proper solution for this problem,I have the same issue.

@alinadrescher
Copy link

Is there any update on this? We have the same issue. Also using chrome 69 seems to not work!

@poornimachinnaraj
Copy link

poornimachinnaraj commented Jun 20, 2018 via email

@jennifer-shehane jennifer-shehane added the stage: needs investigating Someone from Cypress needs to look at this label Jun 20, 2018
@Peggy1012
Copy link

I have the same problem with update Chrome.

@brian-mann
Copy link
Member

brian-mann commented Jul 1, 2018

I looked into this and it's because in Chrome 67 they've begun to randomly roll out Site Isolation.

It's currently a Known Isssue documented here that this breaks the --disable-web-security flag. http://www.chromium.org/Home/chromium-security/site-isolation

I believe that because it is a random rollout then only a subset of users are experiencing this. Did you know that Chrome does A/B experiments and collects the usage?

It's likely that either Chrome 69 (currently Canary) has either fixed this or, or on that browser you do not have Site Isolation enabled.

TO FIX THIS:

Add the --disable-site-isolation-trials argument to chrome via https://docs.cypress.io/api/plugins/browser-launch-api.html#Usage

We'll go ahead and update the flags to include this by default.

IN THE FUTURE:

Chrome upgrades should never really affect you this much. For instance, nobody is ever forcing you to upgrade. Whenever newer versions come out that break things in Cypress you should:

  • Try Canary to see if its fixed
  • Use the built in Cypress Electron browser
  • Download the previous version of Chrome you were using by downloading Chromium

You can download Chromium here: https://chromium.woolyss.com/download/

This site also has links to download previous version of Chromium:

@neutcomp
Copy link

neutcomp commented Jul 6, 2018

I am correct that this peace should be placed in the plugins/index.js file? If so it did not helped me fixing the memory/Aw, Snap issue.

on('before:browser:launch', (browser = {}, args) => {
    if (browser.name === 'chrome') {
      args.push('--disable-site-isolation-trials');

      return args
    }
  })

@jennifer-shehane
Copy link
Member

@neutcomp Yes, see the correct usage here: https://on.cypress.io/browser-launch-api#Usage

@neutcomp
Copy link

@jennifer-shehane do you mean yes for that it should be placed in plugins/index.js file or that the code is correct? Or both :) Because I used indeed the link you placed to figured out how to implement this args.push functionality.

@jennifer-shehane
Copy link
Member

You are correct that it should be placed in the plugins/index.js file.

You have the code you pasted wrapped in the module.exports = (on, config) => {} piece? Because it does look correctly written. We'd have to look in more about why it does not work for you.

@jennifer-shehane
Copy link
Member

If you wanted to download Chromium versions (say, future versions) here is the link for this:

@jennifer-shehane jennifer-shehane added stage: pending release and removed stage: needs review The PR code is done & tested, needs review stage: needs investigating Someone from Cypress needs to look at this stage: in progress labels Jul 23, 2018
@slaby93
Copy link

slaby93 commented Jul 24, 2018

Hey, I've disabled chromeWebSecurity as well as added before:browser:launch as suggested above.
When I try to test payment process ( 302 to for example paypal ) my whole browser is redirected there, not only iframe. This means whole cypress dashboard is disappearing.

Testing cross-domain behavior is critical for my company as we need to test our integration with external services ( like PayPal ).

@pinalbhatt
Copy link

me too... tried as suggested here but no luck.

@UmasankarN
Copy link

I am facing "uncaught securityError:Blocked a frame with origin from accessing a frame with orgin .Protocols,domains and ports must match" error when trying open the iframe based application which deals with localhost and localhost:8088 in Google chrome. This is not happening in IE. Please let me know if any work around for this
application issie

@brian-mann
Copy link
Member

@UmasankarN try upgrading to 3.1.2 and/or try setting chromeWebSecurity: false

@sankarsp
Copy link

sankarsp commented Dec 18, 2018

I'd noticed an error, when I try to search the records .>
Cypress package version: 3.1.3
Error: Blocked a frame with origin "https://*******.com" from accessing a cross-origin frame.
Note : it was working thro manual search.

@jsjoeio
Copy link

jsjoeio commented Feb 20, 2019

For those who come here after me, the only thing I had to do was modify the cypress.json file and add:

{
  "chromeWebSecurity": false
}

Reference: Disabling Web Security from the Cypress Docs

@johnaschroeder
Copy link

@jsjoeio Thanks, your comment did the trick.

@nataliejuner
Copy link

nataliejuner commented May 8, 2019

Hello -- I am currently running on Chrome 74 and still having the problem of:
SecurityError: Blocked a frame with origin "http://localhost:3000" from accessing a cross-origin frame.

I updated my Cypress plugin index.js file to reflect this:

module.exports = (on, config) => {
	on('before:browser:launch', (browser = {}, args) => {
		// browser will look something like this
		// {
		//   name: 'chrome',
		//   displayName: 'Chrome',
		//   version: '63.0.3239.108',
		//   path: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
		//   majorVersion: '63'
		// }

		if (browser.name === 'chrome') {
			args.push('--disable-site-isolation-trials');

			return args
		}

		if (browser.name === 'electron') {
			args['fullscreen'] = true

			// whatever you return here becomes the new args
			return args
		}
	})
}

If you have any tips and or solutions please let me know and I thank you in advance!!

@GirijaSelvakumar
Copy link

GirijaSelvakumar commented Sep 17, 2019

Hi..

i have added ChromeWebSecurity : false to my cypress.json file and added the above piece of code to plugins index file, still seeing the cross domain errors.

Can anyone help me in this please, thanks.

@roma-glushko
Copy link

roma-glushko commented Sep 29, 2019

The same issue here:
2019-09-29_09-34-01
cypress/plugins/index.js:

// ***********************************************************
// This example plugins/index.js can be used to load plugins
//
// You can change the location of this file or turn off loading
// the plugins file with the 'pluginsFile' configuration option.
//
// You can read more here:
// https://on.cypress.io/plugins-guide
// ***********************************************************

// This function is called when a project is opened or re-opened (e.g. due to
// the project's config changing)

module.exports = (on, config) => {
    // `on` is used to hook into various events Cypress emits
    // `config` is the resolved Cypress config
    on('before:browser:launch', (browser = {}, args) => {
        // browser will look something like this
        // {
        //   name: 'chrome',
        //   displayName: 'Chrome',
        //   version: '63.0.3239.108',
        //   path: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
        //   majorVersion: '63'
        // }

        if (browser.name === 'chrome') {
            // `args` is an array of all the arguments
            // that will be passed to Chrome when it launchers
            args.push('--disable-site-isolation-trials')

            // whatever you return here becomes the new args
            return args
        }
    })
}

cypress.json:

{
    "baseUrl": "https://example.com",
    "chromeWebSecurity": false
}

homepage.spec.js:

describe('homepage', function() {
    it('visual', function() {
        cy.visit('/')
        cy.wait(200)

        cy.screenshot('homepage', { capture: "fullPage", disableTimersAndAnimations: true })
    })
})

It fails on almost all available engines for me:

  • Chrome 77
  • Canary 79

@goktugy
Copy link

goktugy commented Nov 14, 2019

I am having the same problem.

@goktugy
Copy link

goktugy commented Nov 14, 2019

I have added the changes to \plugins\index.js and cypress.json and still same outcome.

Something as simple as a "login" should not be this difficult. (selenium, puppeteer is much easier)

@goktugy
Copy link

goktugy commented Nov 14, 2019

cypress.json

{"chromeWebSecurity": false}

@goktugy
Copy link

goktugy commented Nov 14, 2019

index.js

module.exports = (on, config) => {
// on is used to hook into various events Cypress emits
// config is the resolved Cypress config

on("before:browser:launch", (browser = {}, args) => {
// console.log(browser, args); // see what all is in here!

// browser will look something like this
// {
//   name: 'chrome',
//   displayName: 'Chrome',
//   version: '63.0.3239.108',
//   path: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
//   majorVersion: '63'
// }

// args are different based on the browser
// sometimes an array, sometimes an object

if (browser.name === "chrome") {
  args.push("--disable-site-isolation-trials");

  // whatever you return here becomes the new args
  return args;
}

});
}

@hieutrandn9889
Copy link

This bug still happen to for chrome 79

@jennifer-shehane
Copy link
Member

This is a very old issue. The exact case of which was closed over a year and a half ago in 3.0.3.

If you are experiencing a similar issue, open a new issue with a complete reproducible example. Test code + application to visit so that we can address it.

@cypress-io cypress-io locked as resolved and limited conversation to collaborators Dec 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.