Disabling Web Security doesn't work after windows update

[kkeranen]

Bug: Windows update broke the setting "chromeWebSecurity": false in cypress.json

Current behavior:

cy.visit results an error: securityError: Blocked a frame with origin "http://localhost:8080" from accessing a cross-origin frame.

Desired behavior:

There were no such error until automatic Windows update. This was double-checked with a colleague. She didn't have the windows update and test was passing, but after windows update she got the same error.

Steps to reproduce:

1. Add simple test with cy.visit("https://trimbleworld.azurewebsites.net/");
2. Add "chromeWebSecurity": false in cypress.json
3. Test is failing, probably because underlying JS script is trying to access other domain. But why did this work before Windows install?

And no, I'm not trying to use this slow login in every test. I have read your best practices. The problem is only in one login-test.

Versions

Windows 10 Enterprise Version 1803 build 17134.1
Cypress 3.0.1
Chrome 67.0.3396.87 64 bit

[jennifer-shehane]

Do you think that Chrome may have updated in the process of Windows update?

[kkeranen]

It's possible, but I couldn't find any record or hint of Chrome update.

[Sourabh9200]

@jennifer-shehane : I am also getting cross origin error even after disabling web security in cypress.json file.
Please advise.
Windows 10 Enterprise
Chrome - Version 67.0.3396.87 (Official Build) (64-bit)

[brian-mann]

Duplicate of #1951 (comment)

Check my issue there for a fix.