Change default AUT reloading and Cypress Cookie API behavior to align with cookie specifications

[AtofStryker]

Current behavior

Currently, Cypress Cookie APIs do not correctly set domain on cookie values.

The default value provided for domain in the documentation isn't correct and is actually the super domain of the hostname. The reason I believe we do this is because we need to be able to set cookies in a cross-origin/same-site context, as Cypress does NOT reload the AUT when super domain origin policies match. For example:

cy.visit('http://www.foobar.com:3500')
// Do some stuff
cy.visit('http://app.foobar.com:3500')
// super domain origin policy is the same. Application will not reload to re-set top
// The spec iframe is on http://www.foobar.com:3500 but the AUT is on http://app.foobar.com:3500,
// which makes them cross-origin. In order to actually set the cookie in the browser, 
// the spec iframe MUST set the cookie on the super domain 
// as setting on the spec iframe hostname (www.foobar.com) isn't correct, 
// and it doesn't have permission to set on the AUT iframe (app.foobar.com), and the application will fail. 
cy.setCookie('foo', 'bar')
// cookie domain is foobar.com, when it should be app.foobar.com

Desired behavior

When cy.origin is released as Generally Available (GA) or close to GA, I believe we should change this behavior to the following

• reload the app when the origin changes as opposed to super domain origin to allow cookies to be set from within the spec iframe to follow suite with the cookie specification
• if users need to navigate to a sub domain, encourage the use of a cy.origin block, which will accurately set cookies in the spec iframe cy.origin command with the introduction of same origin spec bridges
• fix the cookie defaults to apply the hostname as the domain instead of the superDomain
• update remote_states to use origin policy instead of super domain origin when pushing origins onto the stack
• change doesAUTMatchTopSuperDomainOrigin to be doesAUTMatchTopOrigin to remove the iframe source when origins do not match instead of super domain origins when triggering interactive snapshot mode.
• update request/response middleware and server-e2e to check for origin policy match instead of super domain origin policy when checking for cross origin.
• remove all references to super domain origin entirely within the codebase as it should no longer be used. This removes the invented term of super domain origin and hopefully discontinues its use permanently within Cypress

Test code to reproduce

See issue #23698 for setCookie behavior

Cypress Version

10.9.0

Node version

16.15.0

Operating System

macOS 12.6

Debug Logs

No response

Other

No response

[mjhenkes]

Closing in favor of: #24274
#24275

[cypress-bot]

Released in 11.0.0.

This comment thread has been locked. If you are still experiencing this issue after upgrading to
Cypress v11.0.0, please open a new issue.