Post request don't receive response using Google Chrome version 91

[fernandomartinez82]

The last few days, one of our tests started to fail when Google Chrome was updated from version 90 to version 91. The test checks that an invalid username or password message is shown.

With Chrome version 90 works successfully. With Chrome version 91, a message is never displayed. I think it is because a request ('shapermint.com/account/login') is not getting a response.

  cy.visit("https://www.shapermint.com/account/login")
  cy.get('#username').type("mailx@mail.com"); //you can randomize the email to avoid captcha
  cy.get('#CustomerPassword').type("invalidPsw");
  cy.get('.mg-both > .btn').click();
  cy.get('.html_li').invoke('text').should('eq', "Incorrect email or password.");

If we do the test 'manually' (without cypress), the problems are not reproduced. It doesn't matter which version of Chrome you used.

So, the problem only occurs with Chrome version 91 and any version of Cypress.

This issue also affects the correct login to the application.

[jennifer-shehane]

I am not seeing any difference in behavior from Chrome 90.0.4430.0 and Chrome 91.0.4472.77 using Cypress 7.4.0.

Could you specify the exact version that this previously worked and the exact version where it is failing now?

I do see that this does not function the same as Manually testing, so still seems to be some issue within testing in Cypress.

Looks like there is an error that may be relevant in the console.

Mixed Content: The page at 'https://shapermint.com/__/#/tests/integration/spec.js' was loaded over HTTPS, but requested an insecure form action 'http://shapermint.com/challenge'. This request has been blocked; the content must be served over HTTPS.

It looks like when visiting your site as https, it redirects to http, then back to https?

You can turn on chromeWebSecurity: false in your cypress config to get around this, but you may want to investigate this actual behavior in your application.

You can read more about mixed content here: https://web.dev/fixing-mixed-content/

[marinobrokerbay]

@jennifer-shehane I have been getting the same problem with Chrome 91. As a matter of fact, I had to downgrade Chrome to be able to continue testing. The problem is happening on the redirection. While with Chrome 90 redirections works fine, with 91 it does not. Unfortunately, when testing our sites, we have redirections to the auth URL and then back to the site. That is what is breaking.

[fernandomartinez82]

Hi @jennifer-shehane, thanks for watching. I forgot to mention that we use the settings chromeWebSecurity": false always. Also, we use HTTPS cy.visit("https://shapermint.com/account/login"), was my mistake pasting 'HTTP:' here in the example. The problem is not related to Mixed Content. We have more than 200 tests and this is the only functionality where we have the problem since the chrome update.

I share a repository for you to try: https://github.com/fernandomartinez82/cypressFromZero

Successfully: Chrome Version 90.0.4430.72 and Cypress 7.4.0 (or less) (video-> https://www.loom.com/share/c649e2691b5b481d9687bb70823dca55) Error: Chrome Version 91.0.4472.77 and Cypress 7.4.0 (or less) (video -> https://www.loom.com/share/3134007f1ed8431eb67d54a1b0372bcc)

[marinobrokerbay]

I was able to figure this out @fernandomartinez82 just disable it: https://www.chromium.org/updates/schemeful-same-site/testing-and-debugging-tips-for-schemeful-same-site You may talk with your developers also because this may be enforced by chrome in the future

[fernandomartinez82]

I was able to figure this out @fernandomartinez82 just disable it: https://www.chromium.org/updates/schemeful-same-site/testing-and-debugging-tips-for-schemeful-same-site You may talk with your developers also because this may be enforced by chrome in the future

Hi @marinobrokerbay . The problem is not about mixed content, I use HTTPS instead of HTTP. I edited the example from the main post. Also, I added 2 videos with the behaviors of differents browsers version

[jennifer-shehane]

@fernandomartinez82 When running the example where cy.visit goes to https, your website is redirecting to http and back to https. Chrome is warning you of this occurance and it is shown in the Cypress log that this is happening. Run the tests below and look at the cy.visit() log for the 301 redirects.

it('test', () => {
  cy.visit("https://www.shapermint.com/account/login")
  cy.get('#username').type("mailp@mail.com"); //you can randomize the email to avoid captcha
  cy.get('#CustomerPassword').type("invalidPsw");
  cy.get('.mg-both > .btn').click();
  cy.get('.html_li').invoke('text').should('eq', "Incorrect email or password.");
});

You can see this in your 'successful' video also. Here is a screenshot:

My guess is that Chrome 91 is being stricter about warnings?

---

Outside of this, there may be another issue that is causing the test to fail.

I seem to have accidentally permanently triggered the captcha checks, so I can't run the tests anymore without going through 8 pages of captcha verification.

[fernandomartinez82]

@jennifer-shehane I am consulting the development team about redirection. When I have an answer I will let you know. As I mentioned before, all our tests go through that URL (with redirection) and none have problems.

To test this and avoid captcha I can provide other code to make easier the test (also I update the repository shared https://github.com/fernandomartinez82/cypressFromZero)

cy.visit("https://www.shapermint.com/account/login")
cy.get('#username').type("modofam271@flmcat.com");
cy.get('#CustomerPassword').type("Zxcvb12345");
cy.get('.mg-both > .btn').click();  
cy.get('.user_name').contains('Welcome, test').should('be.visible');

[UPDATE] With Chrome version Version 91.0.4472.101 the issue is solved.

[cypress-app-bot]

This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.

[cypress-app-bot]

This issue has been closed due to inactivity.