cypress: Cypress crash: Error: Failed to parse or set cookie named

Operating System: Windows 10
Cypress Version: 1.4.2
Browser Version: Chrome 63?

Is this a Feature or Bug?

Bug

Current behavior:

Sometimes when I go to my website using cy.visit(…) if the site returns a redirect and a clear cookie (e.g. logout) the Cypress crashes and logs:

`{ [Error: Failed to parse or set cookie named "aspAuth".] name: undefined }
undefined

Desired behavior:

How to reproduce:

Not sure, but these are the relevant headers my site returns when I navigate to it:

Cache-Control:no-cache, no-store, must-revalidate
Content-Length:0
Date:Fri, 16 Feb 2018 03:37:23 GMT
Expires:-1
Location:https://appcenter.intuit.com/connect/oauth2?...
p3p:CP="Company does not have a P3P policy"
Pragma:no-cache
Set-Cookie:Provision.ConnectionInfo=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
Set-Cookie:XSRF-TOKEN=rzOLRz36OX_A5wQuhVPKkssxg7fCwZOa_iMi-Nx95-1RRU; path=/; secure; samesite=lax
Set-Cookie:XSRF-TOKEN=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
Set-Cookie:aspAuth=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/; samesite=lax
Strict-Transport-Security:max-age=31536000
X-Content-Type-Options:nosniff
X-Request-Id:0HLBKQPQAPOUV:00000003
X-Time:1
X-XSS-Protection:1

Test code:

cy.visit('https://localdev/start/app');

About this issue

Original URL
State: closed
Created 6 years ago
Reactions: 10
Comments: 61 (19 by maintainers)

Commits related to this issue

fixes #1321 by setting url used to create cookie - this fixes the edge case where a secure cookie flag is set and then that cookie is then expired from an https URL *without* the subsequent secure fl... — committed to cypress-io/cypress by brian-mann 6 years ago
secure cookie error crash (#2685) - fixes #1264 - fixes #1321 - fixes #1799 - fixes #2689 - fixes #2688 - fixes #2687 - fixes #2686 — committed to cypress-io/cypress by brian-mann 6 years ago
secure cookie error crash (#2685) - fixes #1264 - fixes #1321 - fixes #1799 - fixes #2689 - fixes #2688 - fixes #2687 - fixes #2686 — committed to cypress-io/cypress by brian-mann 6 years ago
secure cookie error crash (#2685) - fixes #1264 - fixes #1321 - fixes #1799 - fixes #2689 - fixes #2688 - fixes #2687 - fixes #2686 — committed to kuceb/cypress by brian-mann 6 years ago

Most upvoted comments

We’re prioritizing this issue in this sprint. It’s long overdue to be fixed.

+16

brian-mann on Oct 10, 2018

We’re aware of what the problem is. It’s not a quick fix but it’s an important one that’s high up on our radar.

We are going to release 3.1 first and then circle back to this. It requires shifting around a bunch of things to fix.

+10

brian-mann on Jul 12, 2018

@lukemadera no, I didn’t find a workaround. I gave up and moved to TestCafe that worked better for my needs.

corneliutusnea on Mar 10, 2018

We have made a lot of progress on this issue, and may have a fix out in the next day or two. We had to rewrite the visit resolving layer of Cypress, which will help more things than just this bug as well.

brian-mann on Oct 22, 2018

Still seeing this issue in 3.1.5.

Error: Failed to parse or set cookie named "JSESSIONID".

This is the cookie in the header.

set-cookie: JSESSIONID=4C30AC94E795759EC164FF34D2FD5AB6; Path=/wiki; Secure; HttpOnly

Update: So after some testing I’ve figured out this. When running the server locally it is served in HTTP. However server is still returning Secure in the set-cookie header. Chrome seems to be fine but maybe Cypress was too strict about it. I guess it is why a lot of people complained about the error when running the server locally.

I can confirm it is the Secure keyword that crushes Cypress (3.1.5) in my case. After proxying my local traffic and delete the keyword on the fly. Cypress can open my page without any issue.

randing89 on Feb 12, 2019

Can confirm @randing89’s finding that Secure keyword breaks Cypress 3.1.5 (worked fine in 3.1.0).

sweoggy on Feb 14, 2019

@cannibalcow you’d better abandon if you can, regular webdriver is much much better. It takes time on the beginning to setup things, but then it works way better and faster (and supports headless chrome).

Cypress is good only for something really small. It is good on the first step, but then it is much more painful to work with. You’ll have lot’s of showstoppers

xlenz on Sep 13, 2018

Thank you so much for putting all that time and effort in Brian! Sorry this is such a tricky issue.

lukemadera on Jun 20, 2018

Cypress 2.1.0 (also crashed in Cypress 3.0.1) Chrome 66 OSX 10.12.6

How to reproduce

As @sillpa-polasani and @lujianlujian describes, this crash can be easily reproduced by these cases:

describe('My First Test', function() {
  it('Visits the Kitchen Sink', function() {
    cy.visit('https://www.paypal.com')
  })
})

describe('crash issue https://github.com/cypress-io/cypress/issues/1321', function() {
    it.only('go into create step2', function() {
      cy.visit('https://www.surveymonkey.com') //working fine
      cy.visit('https://www.surveymonkey.com/create/?sm=JyO9zQ7UD4cy1qYivEKDxbW5vSI_2BIVzBnqW7paZOcEU_3D') //crashing when trying to access a URL requiring login
    })
})

Workaround:

After adding some hard codes in setCookie function in cookies.js, everything seems just back to normal, including that two reproduce cases.

path: /Cypress/3.0.1/Cypress.app/Contents/Resources/app/packages/server/lib/automation/cookies.js

  (function() {
    var COOKIE_PROPERTIES, Promise, _, cookies, extension, normalizeCookieProps, normalizeCookies;
  
    _ = require("lodash");
  
    Promise = require("bluebird");
  
    moment = require('moment');
    
    extension = require("@packages/extension");
  
    COOKIE_PROPERTIES = "name value path domain secure httpOnly expiry".split(" ");
  
    normalizeCookies = function(cookies, includeHostOnly) {
      return _.map(cookies, function(c) {
        return normalizeCookieProps(c, includeHostOnly);
      });
    };
  
    normalizeCookieProps = function(props, includeHostOnly) {
      var cookie;
      if (!props) {
        return props;
      }
      cookie = _.chain(props, COOKIE_PROPERTIES).pick(COOKIE_PROPERTIES).omitBy(_.isUndefined).value();
      if (includeHostOnly) {
        cookie.hostOnly = props.hostOnly;
      }
      switch (false) {
        case props.expiry == null:
          delete cookie.expiry;
          cookie.expirationDate = props.expiry;
          break;
        case props.expirationDate == null:
          delete cookie.expirationDate;
          delete cookie.url;
          cookie.expiry = props.expirationDate;
      }
      return cookie;
    };
  
    cookies = function(cyNamespace, cookieNamespace) {
      var isNamespaced;
      isNamespaced = function(cookie) {
        var name;
        if (!(name = cookie != null ? cookie.name : void 0)) {
          return cookie;
        }
        return name.startsWith(cyNamespace) || name === cookieNamespace;
      };
      return {
        getCookies: function(data, automate) {
          var includeHostOnly;
          includeHostOnly = data.includeHostOnly;
          delete data.includeHostOnly;
          return automate(data).then(function(cookies) {
            return normalizeCookies(cookies, includeHostOnly);
          }).then(function(cookies) {
            return _.reject(cookies, isNamespaced);
          });
        },
        getCookie: function(data, automate) {
          return automate(data).then(function(cookie) {
            if (isNamespaced(cookie)) {
              throw new Error("Sorry, you cannot get a Cypress namespaced cookie.");
            } else {
              return cookie;
            }
          }).then(normalizeCookieProps);
        },
        setCookie: function(data, automate) {
          var cookie;
          if (isNamespaced(data)) {
            throw new Error("Sorry, you cannot set a Cypress namespaced cookie.");
          } else {
            cookie = normalizeCookieProps(data);
            cookie.url = extension.getCookieUrl(data);
            if (data.hostOnly) {
              cookie = _.omit(cookie, "domain");
            }
            /* hard code start */
            var currentTime = moment();
            var expires = data.expires;
            var expiry = data.expiry;
            if(( expiry && !expires) || (!expiry && expires)) {
              return;
            }
  
            if(expires &&  moment(expires) < currentTime ) {
              return;
            }
            /* hard code ends */
            return automate(cookie).then(normalizeCookieProps);
          }
        },
        clearCookie: function(data, automate) {
          if (isNamespaced(data)) {
            throw new Error("Sorry, you cannot clear a Cypress namespaced cookie.");
          } else {
            return automate(data).then(normalizeCookieProps);
          }
        },
        clearCookies: function(data, automate) {
          var clear;
          cookies = _.reject(normalizeCookies(data), isNamespaced);
          clear = function(cookie) {
            return automate("clear:cookie", {
              name: cookie.name
            }).then(normalizeCookieProps);
          };
          return Promise.map(cookies, clear);
        },
        changeCookie: function(data) {
          var c, msg;
          c = normalizeCookieProps(data.cookie);
          if (isNamespaced(c)) {
            return;
          }
          msg = data.removed ? "Cookie Removed: '" + c.name + "'" : "Cookie Set: '" + c.name + "'";
          return {
            cookie: c,
            message: msg,
            removed: data.removed
          };
        }
      };
    };
  
    cookies.normalizeCookies = normalizeCookies;
  
    cookies.normalizeCookieProps = normalizeCookieProps;
  
    module.exports = cookies;
  
  }).call(this);

I strongly suspect this unexpected error is related to cookie expires time. But I didn’t figure out the root cause.

@brian-mann Can you guys help to check for this issue agian? Seems this is such a common usage scenario for Cypress request() and visit(), there must be lots of developers encounter the same confusion here.

Great appreciate!

HeyDaniyar on Sep 3, 2018

Having the same problem.

darmalovan on Mar 25, 2018

Is the patch released? I’m running into the same problem

lsplogi on Mar 22, 2018

The code for this is done, but this has yet to be released. We’ll update this issue and reference the changelog when it’s released.

jennifer-shehane on Nov 1, 2018

Hi @brian-mann, we are doing a POC on using Cypress for our apps. We are also running into this issue. What is the eta on releasing this fix? You mentioned 3 days ago “may have a fix out in the next day or two”. Its a blocker for us.

paglajewel on Oct 25, 2018

Thanks for the prompt rely. @bahmutov I don’t intend to give up that easily, but do need a fix - any progress on this?

lukemadera on Mar 10, 2018