cypress: Cypress invalid proxy certificate affects disk cache

Current behavior:

Information that certificate error is purely cosmetic problem as specified here docs.cypress.io/faq/questions/using-cypress-faq.html is misleading.

Chrome, as reported here bugs.chromium.org/p/chromium/issues/detail?id=110649 ignores http caching when any error with ssl certificate occurs. This means that the application under the test is affected and not behaving as intended (http caching is fully disabled, app load time can be significantly slower…).

Desired behavior:

  1. Inform about this potential problem in FAQ
  2. Maybe inform that this problem can be resolved by importing CypressProxyCA from cy/production/proxy/certs/ca.pem to the Trusted Root Certification Authority store

Test code to reproduce

https://github.com/jsantha/cypress-invalid-cert

Versions

Chrome from version ~16 to actual (81) Windows 10 Cypress 4.5.0

About this issue

  • Original URL
  • State: open
  • Created 4 years ago
  • Reactions: 5
  • Comments: 26 (6 by maintainers)

Most upvoted comments

@valter11111 I’ve just tried this workaround again for latest cypress version and it still works, follow these steps:

  • import AppData/Roaming/Cypress/cy/production/proxy/certs/ca.pem
  • restart chrome (check for no background chrome processes in task manager)
  • run tests again and invalid cert warning should disappear
+3
jsantha on May 21, 2021

I agree with the original post, this is not only the cosmetic problem. Chromium browsers also block webRTC access (media devices are disabled) if there is “Not secure” connection.

Using Cypress 7.3

+2
valter11111 on May 21, 2021

That’s the final command we use as a workaround in our CI:

      - $COMPOSE_CMD run cypress bash -c "yarn cypress install && touch cypress/e2e/empty.cy.js && yarn cypress run --browser $BROWSER --spec cypress/e2e/empty.cy.js || true && apt update && apt install -y libnss3-tools && certutil -A -n Cypress -t 'TCu,Cu,Tu' -i /root/.config/Cypress/cy/production/proxy/certs/ca.pem -d sql:/root/.pki/nssdb && yarn cypress run --browser $BROWSER --spec $SPEC"

Are there chances to add an option --auto-import-ca to cypress ?

+1
amenk on May 12, 2023
  • Would it work to deploy an own valid certificate via https://docs.cypress.io/guides/references/client-certificates or does client certificates really mean client here and has no effect on the cypress proxy-server?
  • What is the path of AppData/Roaming/Cypress/cy/production/proxy/certs/ca.pem on Linux? ** EDIT: it’s ~/.config/Cypress/cy/production/proxy/certs/ca.pem
  • It can be imported at chrome://settings/certificates -> Authorities in any chrome instance (it seems to be globally trusted than even Cypress uses another User Profile)
  • I can confirm that importing that certificate solves the cache Problems in Cypress with Chrome 113
+1
amenk on May 5, 2023

I’ve recently migrated from Cypress v7.x to v9.7.0 and this issue (ERROR: No matching issuer found) happens on my CI only (Azure, Ubuntu). Sometimes it’s NOT happening.

I read a few threads and it seems issue was fixed in v10.2.0 which I anticipate to upgrade yet. @MichaelDimmitt refers here: https://github.com/cypress-io/cypress/discussions/22128

But I also see that @shammlo refers above to v10.8.0 as also not working version.

@jsantha, as author of this issue which is still open in Jan-2023, how about you?

+1
andrii-lundiak on Jan 21, 2023

@flotwig, my Cypress version is "cypress": "^10.8.0", and im still having this error, still receiving “Not secure”.

+1
shammlo on Sep 15, 2022
Read more comments on GitHub
← cypress: Cypress hung up trying to run a spec - won't resolve
cypress: Cypress is not capturing app XHR its only capturing 3rd party XHR calls →