cypress-io / cypress


Setting experimentalModifyObstructiveThirdPartyCode on True will have a negative impact in interacting with iframes #29225

Open vudrescu opened 5 months ago

vudrescu commented 5 months ago

Current behavior

There is the following scenario: the social login buttons are available inside of an iframe. In order to interact with iframes in Cypress I've set: chromeWebSecurity:false

As far as I read in the Cypress documentation it is required to set the experimentalModifyObstructiveThirdPartyCode on True in order to action across the social login, but by setting this to True, tests will not interact properly with iframes, specifically iframes can no longer be opened.

https://discord.com/channels/755913899261296641/1212306313824964658

Desired behavior

Setting experimentalModifyObstructiveThirdPartyCode:True and chromeWebSecurity:false should not be an impediment for working with iframes.

Test code to reproduce

chromeWebSecurity: false,
experimentalModifyObstructiveThirdPartyCode: true

Cypress Version

13.6.6

Node version

18.15.0

Operating System

macOS 14.3

Debug Logs

No response

Other

No response

guilhermesousa-cwi commented 3 months ago

@vudrescu @jennifer-shehane This case of yours is similar to an issue I opened that did not progress with the Cy team https://github.com/cypress-io/cypress-documentation/issues/5372

yeus commented 2 months ago

I think I might have some more info on this. I am testing an app as an iframe. When enabling experimentalModifyObstructiveThirdPartyCode, my app simply doesn't recognize anymore that it's in an iframe. I am using the "quasar" framework for this. The relevant code I am using is:

import { useQuasar } from 'quasar';
const $q = useQuasar();

// this is the relevant line!
$q.platform.within.iframe

Here, $q.platform.within.iframe (used inside the iframe which I am testing) doesn't work anymore, as soon as we turn on experimentalModifyObstructiveThirdPartyCode:True. It will always show "false" even if it is running in an iframe.

This is where quasar detects whether it is in an iframe... It uses "iframe: window.self !== window.top".

https://github.com/quasarframework/quasar/blob/e4ae5215fd584ba5324db2a9123ab7b8a36984bb/ui/src/plugins/platform/Platform.js#L309

I am also wondering if that's a good way to detect whether we're in an iframe.

jennifer-shehane commented 2 months ago

@yeus Is there a reason you have experimentalModifyObstructiveThirdPartyCode set if you don't want its intended behavior? It will remove obstructive code from 3rd party js/html files - like frame busting code.
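
The interaction described in the two comments above, as an added example that is not part of the thread and is not Cypress or Quasar code. It is a simplified, hypothetical model of a rewrite that neutralises frame-busting comparisons (`rewriteFrameChecks`, `findFrameChecks` and `evalInFakeFrame` are assumed names), showing why a `window.self !== window.top` check reads false once rewritten and how to list the checks in your own bundle that such a rewrite would touch.

```javascript
// Added illustration; not Cypress or Quasar source code.
// ASSUMPTION: rewriteFrameChecks() is a hypothetical, simplified model of a
// proxy that neutralises frame-busting comparisons in scripts it serves.

// `top`, `parent` or `self`, optionally written as `window.<name>`, but not
// when it is a property of some other object (e.g. `rect.top`).
const REF = String.raw`(?<![.\w$])(?:window\s*\.\s*)?(?:top|parent|self)\b`;
const FRAME_CHECK = new RegExp(`${REF}\\s*([!=]==?)\\s*${REF}`, 'g');

// List the comparisons in `source` that such a rewrite would touch.
function findFrameChecks(source) {
  return [...source.matchAll(FRAME_CHECK)].map((m) => ({ index: m.index, text: m[0] }));
}

// Point both operands at `window.self`: `!==` becomes constant false, `===` constant true.
function rewriteFrameChecks(source) {
  return source.replace(FRAME_CHECK, (_match, op) => `window.self ${op} window.self`);
}

// Evaluate an expression inside a constructed "framed" window whose `top`
// is a different object from `self`, as it is for a real iframe.
function evalInFakeFrame(expression) {
  const top = { name: 'top' };
  const frame = { name: 'child', top, parent: top };
  frame.self = frame;
  frame.window = frame;
  return new Function('window', 'self', 'top', 'parent', `return (${expression});`)(
    frame, frame, top, top);
}

// Constructed sample: the comparison quoted in the thread from Quasar's Platform plugin.
const QUASAR_CHECK = 'window.self !== window.top';

console.log(findFrameChecks(QUASAR_CHECK));                      // what would be rewritten
console.log(evalInFakeFrame(QUASAR_CHECK));                      // original check
console.log(evalInFakeFrame(rewriteFrameChecks(QUASAR_CHECK)));  // after the rewrite
```

Running `findFrameChecks` over an application bundle before enabling the flag gives a list of the places where in-iframe behaviour may differ under test.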

yeus commented 2 months ago

> @yeus Is there a reason you have experimentalModifyObstructiveThirdPartyCode set if you don't want its intended behavior? It will remove obstructive code from 3rd party js/html files - like frame busting code.

I am setting it because I am testing access to third party storage providers like gdrive which need OAUTH login.