cypress: Cookies not being sent in redirect in 3.5.0

Current behavior:

I’m not sure what the issue is, but our Single Sign On Recipe is failing here: https://dashboard.cypress.io/#/projects/6p53jw/runs/32571/failures

Screen Shot 2019-10-23 at 6 21 12 PM

Desired behavior:

The Single Sign On should log in and reroute to dashboard page.

Steps to reproduce: (app code and test code)

  1. Pull down https://github.com/cypress-io/cypress-example-recipes
  2. Bump cypress dependency to 3.5.0
  3. npm i in root directory
  4. cd examples/logging-in__single-sign-on
  5. npm start
  6. in a new tab npm run cypress:open

Smallest amount of code to run:

it('can authenticate with cy.request', function () {
  cy.getCookie('cypress-session-cookie').should('not.exist')
  cy.request({
    method: 'POST',
    url: 'http://auth.corp.com:7075/login',
    qs: {
      redirectTo: 'http://localhost:7074/set_token',
    },
    form: true,
    body: {
      username: 'jane.lane',
      password: 'password123',
    },
  })
  .then((resp) => {
    expect(resp.status).to.eq(200)
    expect(resp.body).to.include('<h1>Welcome to the Dashboard!</h1>')
  })
})

Versions

3.5.0

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Reactions: 5
  • Comments: 37 (19 by maintainers)

Most upvoted comments

Released in 3.6.0.

+10
cypress-bot[bot] on Nov 5, 2019

Released in 3.6.1.

+8
cypress-bot[bot] on Nov 8, 2019

We’ll try to get a patch release out soon to fix this.

+7
brian-mann on Nov 4, 2019

I can confirm, even with 3.6.0. The tests that pass in 3.4.1 (using cookies), all still fail in 3.6.0…

+5
PsySolix on Nov 4, 2019

Thanks @brian-mann. Should this issue be reopened until the issue is resolved?

+4
jhappoldt on Nov 5, 2019

@pete-om Thanks a ton for sharing these details! I will get to work on reproducing this and tracking down the issue. These details are awesome.

FYI, I moved your comment to an issue so we can track this more clearly, as this thread is getting messy. New issue: #5688 You might want to watch it to receive updates.

+3
flotwig on Nov 13, 2019

Reopening since there are still some bugs with cookies + redirects. There is a PR open that should fix the issues people here are having: #5478

+3
flotwig on Nov 7, 2019

Also experiencing issues on 3.6.1

Keep going back to 3.4.1

+2
mbcopp on Nov 15, 2019

Heads up for anyone else encountering this, until a patch comes out I’m working around this issue by manually iterating through the set-cookies array, parsing all the key/values out, and calling cy.setCookie(name, value, etcetc) on each cookie

+2
pete-om on Oct 25, 2019

Still not fixed for me either.

Without a workaround, my authentication script still fails in 3.6.1. Cypress still appears to only process the first cookie in the set-cookie array. Everything works as expected in 3.4.1

The auth flow goes like this:

  • cy.request (get) to /account/login
    • this sets token1 in a cookie
    • the body contains token2 as a hidden parameter in a form
  • cy.request (post) to /account/login with form:true, and a body of token2, username, password
    • this results in a 302 redirect to /, with two cookies in set-cookie:
      • the first expires an sso cookie, which usually doesn’t exist (but doesn’t make a difference to this bug if it does exist)
      • the second sets the session auth token – this part is failing in 3.5.0+. It exists in set-cookie, otherwise my workaround wouldn’t work (manually doing a cy.setcookie on everything in the set-cookie bit), it’s just not being set during the cy.request

So what we should be left with after all the above is two cookies: token1 and auth token. What I get as of 3.5.0+ is just token1 (from the original get request) and no auth token.

And we’re not going outside our subdomain at any point so the cookies all have the same domain.

Note: if I cy.visit(‘/account/login’), type the username and password in and submit the form, the redirect sets all the cookies correctly and lets cypress log in, this method has never stopped working. It’s only doing it via cy.request that’s failing.

Hope this helps, let me know if there’s anything else I can do 😃

+1
pete-om on Nov 13, 2019

In 3.4.1 Screenshot 2019-10-24 at 07 42 01 Cypress sets all cookies from request response headers set-cookie array

In 3.5.0 Screenshot 2019-10-24 at 08 01 13 Cypress sets only first cookie element from request response headers set-cookie array

it reproduces on 3.6 also

+1
skylock on Nov 1, 2019
Read more comments on GitHub
← cypress: Cookies are broken with cy.origin
cypress: Could not install cypress behind firewall - cannot read repository cypress-io/request.git →