cypress: chromeWebSecurity workaround for Cross origin errors no longer working.

I looked into this and it’s because in Chrome 67 they’ve begun to randomly roll out Site Isolation.

It’s currently a Known Isssue documented here that this breaks the --disable-web-security flag. http://www.chromium.org/Home/chromium-security/site-isolation

I believe that because it is a random rollout then only a subset of users are experiencing this. Did you know that Chrome does A/B experiments and collects the usage?

It’s likely that either Chrome 69 (currently Canary) has either fixed this or, or on that browser you do not have Site Isolation enabled.

TO FIX THIS:

Add the --disable-site-isolation-trials argument to chrome via https://docs.cypress.io/api/plugins/browser-launch-api.html#Usage

We’ll go ahead and update the flags to include this by default.

IN THE FUTURE:

Chrome upgrades should never really affect you this much. For instance, nobody is ever forcing you to upgrade. Whenever newer versions come out that break things in Cypress you should:

• Try Canary to see if its fixed
• Use the built in Cypress Electron browser
• Download the previous version of Chrome you were using by downloading Chromium

You can download Chromium here: https://chromium.woolyss.com/download/

This site also has links to download previous version of Chromium:

• https://chromium.woolyss.com/#mac-64-bit
• https://github.com/macchrome/macstable/releases/tag/v67.0.3396.87-r550428-macOS

For those who come here after me, the only thing I had to do was modify the cypress.json file and add:

{
  "chromeWebSecurity": false
}

Reference: Disabling Web Security from the Cypress Docs

Hey, I’ve disabled chromeWebSecurity as well as added before:browser:launch as suggested above. When I try to test payment process ( 302 to for example paypal ) my whole browser is redirected there, not only iframe. This means whole cypress dashboard is disappearing.

Testing cross-domain behavior is critical for my company as we need to test our integration with external services ( like PayPal ).

Hello – I am currently running on Chrome 74 and still having the problem of: SecurityError: Blocked a frame with origin “http://localhost:3000” from accessing a cross-origin frame.

I updated my Cypress plugin index.js file to reflect this:

module.exports = (on, config) => {
	on('before:browser:launch', (browser = {}, args) => {
		// browser will look something like this
		// {
		//   name: 'chrome',
		//   displayName: 'Chrome',
		//   version: '63.0.3239.108',
		//   path: '/Applications/Google Chrome.app/Contents/MacOS/Google Chrome',
		//   majorVersion: '63'
		// }

		if (browser.name === 'chrome') {
			args.push('--disable-site-isolation-trials');

			return args
		}

		if (browser.name === 'electron') {
			args['fullscreen'] = true

			// whatever you return here becomes the new args
			return args
		}
	})
}

If you have any tips and or solutions please let me know and I thank you in advance!!

Hi…

i have added ChromeWebSecurity : false to my cypress.json file and added the above piece of code to plugins index file, still seeing the cross domain errors.

Can anyone help me in this please, thanks.

@jsjoeio Thanks, your comment did the trick.