Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: duplicate and expired cookies #25761

Merged
merged 47 commits into from
Feb 16, 2023
Merged

Conversation

AtofStryker
Copy link
Contributor

@AtofStryker AtofStryker commented Feb 9, 2023

Additional details

After introducing Cypress v12 with session/origin GA, we introduced a few cookie issues that become more broadly discoverable. These issues can be boiled down to two things

  • Duplicating cookies stored in the server side cookie jar with a prepended dot on the domain. This was being caused when the server jar cookies, which are sometimes duplicated references, was being resynced through CDP with hostOnly being falsy, which would create the cookie under a different domain with the prepended dot. The proposed fixed for this is that cookies that are stored within the server side cookie jarm when synced back through CDP, keep their same domain. This should keep overwriting behavior consistent with the specific cookie in question, as well as pervent duplication.
  • Cookies not expiring properly. This was fairly noticeable when users would try to remove a cookie by setting a cookie with a date in the past. Instead, the cookie would just get re set to the new value, which was often deleted. Our cookie patch was not handling this case, nor was our propagation for expiry times from 0 epoch, which register in tough cookie as -Infinity. This wasn't serialized to the automated backend, causing the expiry time to be nonexistant.

Steps to test

I have added a few tests to a new driver test, called cookie_misc, that tests the duplicate cookie behavior and expiry times. If you check out the first commit of this PR, you will see these tests fail. With the branch fully checked out, tests should now pass with the expected behavior.

How has the user experience changed?

PR Tasks

  • Have tests been added/updated?
  • Has the original issue (or this PR, if no issue exists) been tagged with a release in ZenHub? (user-facing changes only) (No longer applicable with 0acdd2c)
  • (N/A) Has a PR for user-facing changes been opened in cypress-documentation?
  • (N/A) Have API changes been updated in the type definitions?

@AtofStryker AtofStryker changed the title Fix duplicate and expired cookies fix: duplicate and expired cookies Feb 9, 2023
@cypress
Copy link

cypress bot commented Feb 9, 2023

13 flaky tests on run #44166 ↗︎

0 10163 212 0 Flakiness 13

Details:

[run ci]
Project: cypress Commit: 3ec78f1dd5
Status: Passed Duration: 13:53 💡
Started: Feb 16, 2023 2:17 PM Ended: Feb 16, 2023 2:31 PM
Flakiness  commands/net_stubbing.cy.ts • 1 flaky test • 5x-driver-chrome:beta

View Output Video

Test
network stubbing > intercepting request > can delay and throttle a StaticResponse
Flakiness  e2e/origin/cookie_behavior.cy.ts • 4 flaky tests • 5x-driver-chrome:beta

View Output Video

Test
... > same site / cross origin > XMLHttpRequest > sets cookie on same-site request if withCredentials is true, and attaches to same-site request if withCredentials is true
... > same site / cross origin > fetch > sets same-site cookies if "include" credentials option is specified from request, but does not attach same-site cookies to request by default (same-origin)
... > same site / cross origin > XMLHttpRequest > sets cookie on same-site request if withCredentials is true, and attaches to same-site request if withCredentials is true
... > same site / cross origin > fetch > sets same-site cookies if "include" credentials option is specified from request, but does not attach same-site cookies to request by default (same-origin)
Flakiness  e2e/origin/navigation.cy.ts • 1 flaky test • 5x-driver-chrome:beta

View Output Video

Test
delayed navigation > errors > redirects to an unexpected cross-origin and calls another command in the cy.origin command
Flakiness  cypress/cypress.cy.js • 3 flaky tests • 5x-driver-chrome:beta

View Output Video

Test
... > correctly returns currentRetry
... > correctly returns currentRetry
... > correctly returns currentRetry
Flakiness  commands/net_stubbing.cy.ts • 1 flaky test • 5x-driver-firefox

View Output Video

Test
network stubbing > intercepting request > can delay and throttle a StaticResponse

The first 5 flaky specs are shown, see all 6 specs in Cypress Cloud.

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings.

@valscion
Copy link

valscion commented Feb 10, 2023

I took the version in 38a65a6#comments for a spin and that doesn't yet seem to resolve my original issue. However I can no longer see duplicated cookies prepended with a dot (as in #25174) so I'll have to dig deeper into figuring out what could cause the error I'm seeing in #25174 (comment)

I'd be more than happy to debug further if there's parts that would help figure out what's going wrong here. Anything that could provide you more insight onto this particular case is appreciated.

The application code under test is mostly doing this:

  1. click the "send reply button"
  2. Triggers an AJAX query with jQuery.ajax
  3. Once AJAX request is done, does document.location.reload(true)
  4. After reload, the UI should contain the flash message that uses the cookie server set during the AJAX request

With Cypress v11.2.0

cypress-11 2

cypress-11 2-reload

The exported HAR file from Google Chrome's Network inspector: test.venuu.fi-cypress-11.2.har.zip

With this PR

cypress-12 x

cypress-12 x-reload

The exported HAR file from Google Chrome's Network inspector: test.venuu.fi-cypress-12.x.har.zip

@AtofStryker
Copy link
Contributor Author

@valscion thank you for taking a look at this! I was going to update today since I was out, but you beat me to it. I am going to take a look and see what might be causing your issue here. Possibly a cookie getting overwritten? I should have an update soon!

@AtofStryker
Copy link
Contributor Author

@valscion Just from looking at the screenshots, the cookies being sent look correct? Are you able to verify if cookies are being doubled up in the request with DEBUG=cypress-verbose:proxy:http enabled and seeing the cookies attached in the requests with the "cookies being sent with request" log?

@@ -28,10 +31,23 @@ export const toughCookieToAutomationCookie = (toughCookie: Cookie, defaultDomain
}

export const automationCookieToToughCookie = (automationCookie: AutomationCookie, defaultDomain: string): Cookie => {
let expiry: Date | undefined = undefined
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So its assumed all cookies have no expiration if one isn't defined?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that is correct!

@AtofStryker AtofStryker marked this pull request as ready for review February 15, 2023 15:57
cli/CHANGELOG.md Outdated Show resolved Hide resolved
@AtofStryker AtofStryker force-pushed the fix-duplicate-and-expired-cookies branch from 41ce209 to 7fa3175 Compare February 15, 2023 21:27
@AtofStryker AtofStryker force-pushed the fix-duplicate-and-expired-cookies branch 2 times, most recently from e342231 to b3f7afc Compare February 15, 2023 21:33
@AtofStryker AtofStryker merged commit ab60ed4 into develop Feb 16, 2023
@AtofStryker AtofStryker deleted the fix-duplicate-and-expired-cookies branch February 16, 2023 14:34
mjhenkes added a commit that referenced this pull request Feb 21, 2023
* fix: update newProject ref when switching between organizations in SelectCloudProjectModal (#25730)

* chore: debug page tooltip distance and artifact border (#25727)

* misc: debug page tooltip distance and artifact border

* add changelog entry

* fix CT test

* fix: Improve error handling around calls to `this.next` in middleware (#25702)

* chore: update changelog validation example (#25742)

* misc: improve debug loading text wrap responsiveness (#25703)

* misc: Increase max failures in IATR badge to 99 (#25737)

* chore: exclude collaborator issues/PRs from triage project (#25769)

* feat: add --auto-cancel-after-failures flag (#25237)

Co-authored-by: Emily Rohrbough <[email protected]>
Co-authored-by: Matt Schile <[email protected]>
Co-authored-by: Ryan Pei <[email protected]>
Co-authored-by: Emily Rohrbough <[email protected]>

* chore: Update v8 snapshot cache (#25592)

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* Update update_v8_snapshot_cache.yml

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

* chore: updating v8 snapshot cache

---------

Co-authored-by: cypress-bot[bot] <2f0651858c6e38e0+cypress-bot[bot]@users.noreply.github.com>
Co-authored-by: Ryan Manuel <[email protected]>
Co-authored-by: cypress-bot[bot] <47117332+cypress-bot[bot]@users.noreply.github.com>

* fix: implement new graphql fields for spec counts (#25757)

Co-authored-by: Stokes Player <[email protected]>
Co-authored-by: Mike Plummer <[email protected]>

* feat: Bundle cy.origin() dependencies at runtime (#25626)

Co-authored-by: cypress-bot[bot] <2f0651858c6e38e0+cypress-bot[bot]@users.noreply.github.com>
Co-authored-by: Ryan Manuel <[email protected]>

* chore: remove zenhub from release process (#25701)

Co-authored-by: Matt Schile <[email protected]>

* feat: add Cypress.Commands.overwriteQuery (#25674)

* feat: add Cypress.Commands.overwriteQuery

Co-authored-by: Emily Rohrbough <[email protected]>
Co-authored-by: Zach Bloomquist <[email protected]>

* fix: spawn child process with process.env in macOS arm64 (#25753)

Co-authored-by: Matt Schile <[email protected]>
Co-authored-by: Emily Rohrbough <[email protected]>
Co-authored-by: Zach Bloomquist <[email protected]>

* chore: lint system tests in CI (#25673)

* fix: Suppress filesystem errors during glob search (#25774)

* chore: issue with ts-loader missing in binary and problematic esbuild norewrite construct (#25797)

* chore: update changelog linting (#25809)

* docs(guides): add more detail to code-signing (#25794)

Co-authored-by: Emily Rohrbough <[email protected]>

* chore: update workflows.yml to include the v8 snapshot update branch (#25784)

Co-authored-by: cypress-bot[bot] <+cypress-bot[bot]@users.noreply.github.com>

* chore: internal request preflight (#25772)

---------

Co-authored-by: Emily Rohrbough <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: cypress-bot[bot] <2f0651858c6e38e0+cypress-bot[bot]@users.noreply.github.com>
Co-authored-by: Ryan Manuel <[email protected]>
Co-authored-by: Matt Henkes <[email protected]>
Co-authored-by: Zach Bloomquist <[email protected]>

* chore: bump for 12.6.0 release (#25812)

* chore: release @cypress/webpack-batteries-included-preprocessor-v2.4.0

[skip ci]

* chore: release @cypress/webpack-preprocessor-v5.17.0

[skip ci]

* test: skip flaky GitDataSource test (#25825)

* chore: making our add-to-triage-board workflow reusable within the Cypress-io org (#25820)

* chore: Making our add to triage workflow callable from other projects inside the Cypress-io org in Github

* chore: updated cypress-example-kitchensink version (#25828)

* fix: duplicate and expired cookies (#25761)

* chore: add regression tests for duplicate cookies and bad expiry times

* avoid prepending domain with dot for cookies that are set with the server side jar. This is to avoid the cookie being duplicated if it is set or overridden in a different context (request that can actually set the cookie or via document.domain)

* feat: use cookie.toString() in the cookie patch to more accurately set cookies on the document, which should include other properties besides key=value

* fix: add logic to handle expired cookies in the document.cookie patch, as well as in CDP

* chore: build binary for cookie fixes for users to test

* chore: change name of fixture to something more accurate

* chore: comment why we are using the toughCookie toString method in the patch

* [run ci]

* chore: add changelog entry

* [run ci]

* fix: revert back to key=value when getting document.cookie as those are the only values are displayed (oversight on my end)

* [run ci]

* chore: make compatible with cypress.require

* fix: add tests for hostOnly/non hostOnly cookies to make sure property gets sent up to automation client correctly. No longer need custom cookie prop to determine destination

* [run ci]

* fix: stale unit test

* chore: adjust comments

* [run ci]

* fix: bad domain logic

* [run ci]

* chore: remove irrelevant comment

* [run ci]

* fix: adjust cookie login text to spec hostOnly cookie within the cookie patch. This should yield the same behavior as we are bound to same origin within the spec bridge

* [run ci]

* [run ci]

* fix: allow for cookies on request of same key to take precedence over cookies in the jar, regardless of how many hierachy cookies exist in the jar

* chore: fix cookie misc tests for cy.origin (dont run cy.origin)

* [run ci]

* chore: skip misc cookie tests in webkit as headless behavior doesn't clear cookies between tests correctly

* Revert "fix: allow for cookies on request of same key to take precedence over cookies in the jar, regardless of how many hierachy cookies exist in the jar"

This reverts commit 17de188.

* [run ci]

* chore: split changelog entry into two parts

* chore: update logic to remove else statement and add comments

* [run ci]

* chore: readd windows snapshot branch in workflows

* [run ci]

* chore: fix workflows from bad merge

* [run ci]

* Revert "chore: split changelog entry into two parts"

This reverts commit 4352ef5.

* [run ci]

* fix: Fix type definitions for cy.reload() (#25779)

Co-authored-by: Emily Rohrbough <[email protected]>

* misc: Debug header updates (#25823)

* fix: allow running tests outside Vite project root folder (#25801)

* fix: allow running tests outside Vite project root folder

* update snapshots

* add changelog entry

---------

Co-authored-by: Lachlan Miller <[email protected]>

* fix: mount component in [data-cy-root] (#25807)

* fix(angular): mount component in [data-cy-root]

* fix e2e test

* add changelog entry

* changelog [skip ci]

* changelog

---------

Co-authored-by: Lachlan Miller <[email protected]>

* chore: updating add to triage baord github action to use org secret (#25868)

* chore: updating add to triage board github action to use org secret

* chore: release @cypress/angular-v2.0.2

[skip ci]

* chore: release @cypress/vite-dev-server-v5.0.3

[skip ci]

* chore: Update v8 snapshot cache (#25822)

Co-authored-by: cypress-bot[bot] <+cypress-bot[bot]@users.noreply.github.com>
Co-authored-by: Ryan Manuel <[email protected]>

* feat: support host only cookies (#25853)

* feat: allow setCookie API to take a hostOnly option

* chore: add jsdoc/typescript description to render to users

* chore: add changelog entry

* [run ci]

* chore: fix types

* chore: fix cookie login tests

* chore: update e2e cookie system tests

* [run ci]

* chore: fix cookie command tests. localhost cookies are calculated as hostOnly, which is consistent with how cypress works today

* chore: fix system tests for cookies.

* [run ci]

* chore: fix system tests

* chore: skip hostOnly assertions in webkit (for now)

* [run ci]

* chore: add property definitions to setCookieOptions

* [run ci]

* chore: add comments to hostOnly prop in firefox when setting a cookie

* fix(webpack-dev-server): touch component-index during onSpecsChange to avoid writing to app file (#25861)

* testing: try disabling uTimesSync and see what happens

* build binaries [run ci]

* fix: touch component index file instead of browser.js

* build binaries [run ci]

* update test

* fix test

* add test for custom HTML file in config

* use existing component index in webpack-dev-server unit tests

---------

Co-authored-by: Lachlan Miller <[email protected]>

* chore: release @cypress/webpack-dev-server-v3.2.4

[skip ci]

* chore: improve types for server automation cookie client (#25836)

* chore: improve types for automation cookies

* [run ci]

* fix: the cookie_behavior tests by syncing cookies immediately if … (#25855)

* fix: fix the cookie_behavior tests by syncing cookies immediately if the application is already stable

* chore: add changelog entry

* [run ci]

* chore: address comments from code review

* feat: Public API for CT Framework Definitions (#25780)

* chore: rework component onboarding in launchpad (#25713)

* chore: refactoring and types

* rework source of frameworks

* revert rename

* fix tests

* fix more tests

* types

* update code

* use same public API internally

* rename interfaces

* rename

* work on dev server api

* fix types

* fix test

* attempt to support getDevServerConfig

* tests

* add function to define framework [skip ci]

* rework a lot of types

* fix test

* update tests and types

* refactor

* revert changes

* lint

* fix test

* revert

* remove

* add "community" label [skip ci]

* refactor

* types

* lint

* fix bug

* update function name

* address feedback

* improve types with Pick

* refactor using type guard

* correct label

---------

Co-authored-by: Zachary Williams <[email protected]>

* chore: typing error

* feat: scan for 3rd party ct plugins (#25749)

* chore: refactoring and types

* rework source of frameworks

* revert rename

* fix tests

* fix more tests

* types

* update code

* use same public API internally

* rename interfaces

* rename

* work on dev server api

* fix types

* fix test

* attempt to support getDevServerConfig

* tests

* add function to define framework [skip ci]

* rework a lot of types

* fix test

* update tests and types

* refactor

* revert changes

* lint

* fix test

* revert

* remove

* add "community" label [skip ci]

* refactor

* types

* lint

* fix bug

* update function name

* address feedback

* feat: scan for 3rd party ct plugins

* add e2e test

* unit tests [run ci]

* tweak resolution

* rebase, address comments

* fix windows paths

* remove .gitignore

* fix test

---------

Co-authored-by: Lachlan Miller <[email protected]>

* lint config

* spacing

* try fix race cond

* fix import error

* build binary

* try update snapshot

* try using require

* support namespaced definitions (#25804)

* remove category

* add icon prop

* support esm -> cjs compiled typescript

* fix test

* misc: add CTA footer to launchpad framework dropdown (#25831)

* remove test project dependencies

* rebase

* windows

* windows again

* add changelog entry

* changelog

* revert workflow

* remove worklfow

---------

Co-authored-by: Zachary Williams <[email protected]>
Co-authored-by: Adam Stone-Lord <[email protected]>

* chore: release @cypress/webpack-dev-server-v3.3.0

[skip ci]

* fix: Add missing error message when `req.continue` is used incorrectly (#25884)

---------

Co-authored-by: Adam Stone-Lord <[email protected]>
Co-authored-by: Zachary Williams <[email protected]>
Co-authored-by: Mike Plummer <[email protected]>
Co-authored-by: Matt Schile <[email protected]>
Co-authored-by: Alejandro Estrada <[email protected]>
Co-authored-by: Emily Rohrbough <[email protected]>
Co-authored-by: Ryan Pei <[email protected]>
Co-authored-by: Emily Rohrbough <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: cypress-bot[bot] <2f0651858c6e38e0+cypress-bot[bot]@users.noreply.github.com>
Co-authored-by: Ryan Manuel <[email protected]>
Co-authored-by: cypress-bot[bot] <47117332+cypress-bot[bot]@users.noreply.github.com>
Co-authored-by: Mark Noonan <[email protected]>
Co-authored-by: Stokes Player <[email protected]>
Co-authored-by: Chris Breiding <[email protected]>
Co-authored-by: Zach Bloomquist <[email protected]>
Co-authored-by: willmsC <[email protected]>
Co-authored-by: Zach Bloomquist <[email protected]>
Co-authored-by: cypress-bot[bot] <+cypress-bot[bot]@users.noreply.github.com>
Co-authored-by: Tim Griesser <[email protected]>
Co-authored-by: Matt Henkes <[email protected]>
Co-authored-by: semantic-release-bot <[email protected]>
Co-authored-by: Ben M <[email protected]>
Co-authored-by: Bill Glesias <[email protected]>
Co-authored-by: Podles <[email protected]>
Co-authored-by: Paolo Caleffi <[email protected]>
Co-authored-by: Lachlan Miller <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
6 participants