Redirected to chrome-error://chromewebdata/ when X-Frame-Options present on redirected domain

[gerardovanegas-eagle]

Current behavior:

I get this screen when I try to access certain pages:

This I can easily access on the same browser used by cypress

I have my "chromeWebSecurity": false on my cypress file just in case

Desired behavior:

Continue executing the test. Access the pages that are completely accessible when not accessed through cypress' chrome

Steps to reproduce: (app code and test code)

This is my code, I hope this one is reproducible:

describe('Happy Path B2C / Checkout V2 ', function () {
beforeEach("Home - Catalog - PP - Cart", function(){

        //Going directly to product's page 
        cy.visit('https://juntozstagingv2.com/es-pe/');

        //Closing Ads
        cy.get("div[data-action='close-mc-modal']").click({force:true})

        //Triggerin Login
        cy.get("a[aria-haspopup='true']").click();
        cy.get("a[href='https://juntozstagingv2.com/account/login']").click();
    })
});

┆Issue is synchronized with this Jira Epic by Unito

[jennifer-shehane]

Cypress cannot visit 2 superdomains within the same test. Although the href does equal juntozstagingv2, the url is redirecting to account.juntoz-staging.com upon click.

I would suggest taking a look at one of our recipes testing clicking into links with a different domain and restructuring your test to account for this.

[emijmker]

I have the same issue, it works in 3.2.0. After updating to 3.3.1 i now get this error as well. Also have "chromeWebSecurity": false, yes working cross domain but didn't have the issue before the update.

[Vinod-Gulia]

I'm facing the same issue after upgrading cypress to cypress@3.4.0. Is there a solution found already?

[dave0688]

Have exactly the same issue. Cypress looks nice, but if such "simple" things do not work it's hard to work with it.

[Sjeiti]

I would suggest taking a look at one of our recipes testing clicking into links with a different domain and restructuring your test to account for this.

We get the same error and we're on one superdomain. We are however using a subdomain for authentication. The referenced solutions are specifically for other superdomains.

The last version that still worked for us was 3.2.0

When we install the latest Cypress (3.4.1) the tests run up until the first redirect (from https://bar.foo to https://login.bar.foo). It errors with the cross-origin error message.

When we add chromeWebSecurity:false to the settings we fail before redirecting to a subdomain with chrome-error://chromewebdata/ in the address bar and the following error stacktrace (failed trying to load):

Error: write EPROTO 101057795:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:c:\projects\electron\vendor\node\deps\openssl\openssl\ssl\s23_clnt.c:802:

    at _errnoException (util.js:1024:11)
    at WriteWrap.afterWrite (net.js:867:14)

Cypress 3.3.0 throws the same errors so something in that changelog should have caused it.

The one change that stands out are the proxy settings. We did find a proxy in the registry but adding it to HTTP_PROXY and HTTPS_PROXY simply causes the tests to fail altogether (a blank test page without the Cypress ui). Previously it failed after login. We did suddenly get the message that Cypress couldn't verify the baseurl running (which is running).

Maybe it is not really a proxy issue ? (since we can login but the subdomain redirect fails) We are running out of ideas here.

[pardonmeme]

Also got that issue, Our app is redirecting directly to our auth(which is a seperated domain) if user is not logged in and then redirects back to the app. But it seems like it just shows that chrome-error://chromewebdata/

:/

[chhiragkataria]

We are facing the same issue - on 3.4.1 and see chrome-error://chromewebdata/ Has anyone found a workaround? Why is the cypress team not looking into it?

[gastonmorixe]

Same

[soomro12]

Same issue we are facing. Any solution??

[PrinceSoni83]

I also have the same issue with chrome Version 78.0.3904.108

[as001622]

It seems related to chromium version, after installing chrome Version 78.0.3904.108-1 I was available to run tests without that error.

[adomyaty55foundry]

Reporting in, I'm having this same issue and would love for Cypress to better handle/solve this. It's an annoying one especially when testing OAuth2 and other stuff that requires domain changing. These things are common nowadays and we should account for allowing us to test such cases.

[JasonTheAdams]

~Same issue here while using the same superdomain. The tests work locally, but when running on CircleCI we're running from http://localhost:8000. The page redirects to http://app.localhost:8000 after login is successful. This is when the error happens.~

Turns out that our issue had to do with the domains not resolving properly in the container. I did some dnsmasq work and that resolved the issue. In short, we're using actual domains (not localhost) in our CircleCI tests now and set up a dnsmasq wildcard to catch everything for the domain.

[gmbarroso]

@jennifer-shehane is there any updates where it will be possible to access more domains at the same test? Cause it seems a lot of people try this.

Me, for example, I can't open some modal in a table just because this modal verifies the user token to open it.

I'm keeping having this issue and it is really annoying.

Thanks

[webartdev]

Same issue here while testing Auth and other stuff that requires domain changing.

[JasonTheAdams]

I want to loop back and report that our issue was our own problem. I've updated my comment above.

[HumbertoF]

same issue here, it is very annoying! :(

[visuallization]

We are having the same issue on cypress 3.5.0 and "chromeWebSecurity": false set.

[jennifer-shehane]

Unfortunately no one has provided enough information to reproduce the problem. This means that we do not have a path to move forward, so no, no progress has been made on this issue as we cannot see this error on our machines with no reproducible example.

Please comment in this issue with a reproducible example so we can begin addressing the issue.

[khitrenovich]

Can this be a duplicate of https://github.com/cypress-io/cypress/issues/1506 maybe?

[AlexanderHritsun]

Good day everyone! I have the same issue and wanna describe how I fixed it.

Application features: 1) We have the main domain - https://condogenie-app and can create "accounts" from it. Every account has own subdomain for example: https://staging.condogenie-app where "staging" is the unique account name 2) To create a new account we are navigating to https://condogenie-app/account-sign-up. On this page, we set the account name and click the 'Finish' button. After this action system navigates us to subdomain page: https://staging.condogenie-app/account-sign-up-finish Exactly on this step, the issue arises.

Strangeness: 1) The issue started to reproduce one week ago before it no problems occurred 2) If "chromeWebSecurity": true - cypress shows 'cross-origin security' error 3) If "chromeWebSecurity": false- we get chrome-error://chromewebdata/ and the cypress runner crashed

How I fixed it: It was surprising for me, but no error arises for my old code(which was written several weeks or months ago). So I started comparing new and old code and couldn`t find any differences. That why I decided to copy the old code to the new file(it is working). After that I started to delete parts of the old code and found that the issue arises if we change the variables names! Example of variables with which tests passed:

export const renterEmail = 'renter4booking@example.com';
export const renterFname = 'Renter';
export const renterLname = 'Book';
export const accountName = `bookings${Date.now()}`; 

Example of variables with which tests failed:

export const accountName = `bookings_tests${Date.now()}`;
export const renterEmail = 'renter4bookings@example.com';
export const renterFname = 'Renter';
export const renterLname = 'Bookings';

I can`t explain this strange behavior. I tried to change variables import order but it changes nothing. Besides, if I write a new code it will be crashed. Hope this information will help you in the issue investigation

[visuallization]

Good day everyone! I have the same issue and wanna describe how I fixed it.

Application features:

1. We have the main domain - https://condogenie-app and can create "accounts" from it. Every account has own subdomain for example: https://staging.condogenie-app where "staging" is the unique account name
2. To create a new account we are navigating to https://condogenie-app/account-sign-up. On this page, we set the account name and click the 'Finish' button. After this action system navigates us to subdomain page: https://staging.condogenie-app/account-sign-up-finish Exactly on this step, the issue arises.

Strangeness:

1. The issue started to reproduce one week ago before it no problems occurred
2. If "chromeWebSecurity": true - cypress shows 'cross-origin security' error
3. If "chromeWebSecurity": false- we get chrome-error://chromewebdata/ and the cypress runner crashed

How I fixed it: It was surprising for me, but no error arises for my old code(which was written several weeks or months ago). So I started comparing new and old code and couldn`t find any differences. That why I decided to copy the old code to the new file(it is working). After that I started to delete parts of the old code and found that the issue arises if we change the variables names! Example of variables with which tests passed:

export const renterEmail = 'renter4booking@example.com';
export const renterFname = 'Renter';
export const renterLname = 'Book';
export const accountName = `bookings${Date.now()}`; 

Example of variables with which tests failed:

export const accountName = `bookings_tests${Date.now()}`;
export const renterEmail = 'renter4bookings@example.com';
export const renterFname = 'Renter';
export const renterLname = 'Bookings';

I can`t explain this strange behavior. I tried to change variables import order but it changes nothing. Besides, if I write a new code it will be crashed. Hope this information will help you in the issue investigation

Thank you for taking the time to report this here! That's a strange issue indeed. Let's hope cypress team has some ideas.

[anveshpuli]

Facing the same issue , tried setting the cookies SameSite = none but haven't got any better results . Looking forward to hear back soon!!

[XiangyangShi]

Reporting in, similar with adomyaty55foundry@

My website is for internal use and I use Cypress for testing OAuth2. [tab_handling_anchor_links_spec.js] doesn't help since the login button will contains lots redirects and the middle station is within another Authorizer domain we own. These things are common use cases nowadays.

[jennifer-shehane]

Unfortunately no one has provided enough information to reproduce the problem. This means that we do not have a path to move forward, so no, no progress has been made on this issue as we cannot see this error on our machines with no reproducible example.

Please comment in this issue with a reproducible example so we can begin addressing the issue.

[pshynin]

to reproduce the problem you really need to click the link with external resource like itunes, google play store, amazon etc.. test will look like this example provided by cypress team: https://github.com/cypress-io/cypress-example-recipes/blob/master/examples/testing-dom__tab-handling-links/cypress/integration/tab_handling_anchor_links_spec.js#L74

Since Cypress does not support switching between tabs, we need to make it open in current tab resetting href attribute to default _target value by removing it entirely:

.invoke('removeAttr', 'target')

or by setting it to _self :

.invoke('attr', 'target', '_self')

then source will be opened in current tab and another problem will appear as described in this ticket:

(NEW URL)
chrome-error://chromewebdata/
URL
ASSERT
expected chrome-error://chromewebdata/ to include google.com

as you can see I expected cy.url().should('include', 'google.com'); but instead url was chrome-error://chromewebdata/

Example of button to click:

<a href="https://play.google.com/store/apps/details" test-id="google-play" target="_blank">

Example of test verification:

cy.get('[test-id="google-play"]').invoke('attr', 'target', '_self').click();
cy.url().should('include', 'google.com');

PS: I also tried exporting HTTP_PROXY but this did not work either and is really overkill especially in case where we have many links to test.

hopefully this is something cypress team willing to implement sooner

[jennifer-shehane]

@pshynin Thank you for providing a reproducible example!

The below example does not error if the link is going to say, example.cypress.io, so the issue doesn't lie in itself with clicking a _self link, but something combined with the play.google.com website being the link target.

To reproduce

cypress.json

{
  "chromeWebSecurity": false
}

index.html

<html>
<body>
  <a href="https://play.google.com" target="_self">Google</a>
</body>
</html>

spec.js

it('Visit cross origin link', () => {
  cy.visit('index.html')
  cy.get('a').click()
  cy.url().should('include', 'google.com')
})

This used to show the 'Whoops, we can't run your tests' error and open the new link in a new tab prior to 3.2.0. But, it's never really worked correctly.

3.1.5

3.2.0

[pshynin]

is 'Whoops, we can't run your tests' expected result ? though expected is to actually handle external link in current tab

unless we can switch between tabs back and forth.. (which isn't supported I think)

[ysdidenko]

We have the same issue. We use a call to an external link for authorization. cy.request('https://our-identity-server.com'); It worked well until 3.2.0. Most interesting thing is that it works on Electron 78, but fails with Chrome 80

[jennifer-shehane]

@pshynin No, neither of these results are considered working.

Ok, even better - I was able to replicate this with an application under our control. This happens when the link clicked is https://www.cypress.io with no target attr needed.

This is super strange.

cypress.json

{
  "chromeWebSecurity": false
}

index.html

<html>
<body>
  <a href="https://example.cypress.io">Example</a>
  <a href="https://docs.cypress.io">Docs</a>
  <a href="https://www.cypress.io">Cypress</a>
</body>
</html>

spec.js

it('Visit cross origin link 1', () => {
  cy.visit('index.html')
  cy.contains('Example').click()
  cy.url().should('include', 'example.cypress.io') // passes
})

it('Visit cross origin link 2', () => {
  cy.visit('index.html')
  cy.contains('Docs').click()
  cy.url().should('include', 'docs.cypress.io') // passes
})

it('Visit cross origin link 3', () => {
  cy.visit('index.html')
  cy.contains('Cypress').click()
  // expected chrome-error://chromewebdata/ to include www.cypress.io
  cy.url().should('include', 'www.cypress.io') // fails
})

[Bheemaanil]

same issue on "cypress": "^4.0.1" with "chromeWebSecurity": false, :(

[ysdidenko]

Upgrading to 4.2.0 fixed an issue for us

[khitrenovich]

Upgrading to 4.2.0 fixed an issue for us

Nothing changed after upgrade to v4.2 for us. We see the same error in our project.

[PiteroS678]

Hi, You can overcome that by proxy which will tell browser to allow specific ancestors of iframe through sending additional Content-Security-Policy header (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors) with response of page which has different domain.

For example (using mitmproxy https://github.com/mitmproxy/mitmproxy on Windows):

1. Create an addon which will add the header to response (example below adds the header to all responses processed by proxy).

   
   from mitmproxy import http

def response(flow: http.HTTPFlow) -> None: flow.response.headers["Content-Security-Policy"] = "frame-ancestors https://juntozstagingv2.com"

2. Load the addon with mitmproxy startup i.e: `mitmweb -s path/to/addon.py`
3. Tell Cypress to use `mitmproxy` through **System variable** (other OS: https://docs.cypress.io/guides/references/proxy-configuration.html#Set-a-proxy-on-Linux-or-macOS)
Name: `HTTP_PROXY`
Value: `127.0.0.1:8080` - default proxy address
4. Open new console and launch cypress (**`"chromeWebSecurity": false` in `cypress.json` is still required**)

From now, the error shouldn't appear :)

[sharif331]

@jennifer-shehane Hi, I am looking for new automation tools for my current organization and I am exploring cypress with one of our projects and I am also getting same issues, is Cypress team is working on this issue to resolve it. If you can give any update on this issue that will be a great help for my project is having lots of subdomains so this is very much important for me.

[poponuts]

Upvote here. I am having same error.

[AndersonZacharyT]

same same

[headfox23]

Same issue...even with the Ignore-X-Frame-headers_v1.1 loaded headless it does not work

[khitrenovich]

@jennifer-shehane I have some input other that "same same" here.

We have an app with the following setup -

+---------+                 +-------+ +-----+
| Browser |                 | MyApp | | IdP |
+---------+                 +-------+ +-----+
     |                          |        |
     | Click "Login" button     |        |
     |------------------------->|        |
     |                          |        |
     |          Redirect to IdP |        |
     |<-------------------------|        |
     |                          |        |
     | Start login flow         |        |
     |---------------------------------->|
     |                          |        |
     |           Show credentials prompt |
     |<----------------------------------|
     |                          |        | ------------------------\
     |                          |        |-| multi-step login flow |
     |                          |        | |-----------------------|
     |                          |        |
     |            Redirect back to MyApp |
     |<----------------------------------|
     |                          |        |

Cypress is able to make through the login flow when MyApp is deployed in the cloud (in S3, behind CloudFront, with real URL/certificate and such), but fails with chrome-error:// on redirect to IdP when testing it locally (deployed on http://localhost:8080.

Obviously, in both cases IdP is a cloud service with valid FQDN and certificate.

Hope it helps.

[paprikati]

Hi @jennifer-shehane We're on cypress 4.2.0. We have a redirect component, which calls window.location.assign(externalURL). The externalURL is calling another port on localhost - there's no server there though.

Ideally, I'd be able to assert that the url has changed (cy.url() etc), and then move on (I don't need to actually load the page - I just want to assert that the redirect has occurred).

I think this is the same issue? I again receive the error

[vijayfelixraj]

I have same issue. Please help.

Thanks in advance

[jennifer-shehane]

So, when I try to recreate this visiting our www.cypress.io website while locally running it...I can't reproduce it.

Localhost

spec.js

it('Visit cross origin link 3', () => {
  cy.visit('index.html')
  cy.contains('Cypress').click()
  cy.url().should('include', 'localhost') // passes 🙄 
})

index.html with website locally running

<html>
<body>
    <a href="http://localhost:8000/">Cypress</a>
</body>
</html>

URL doesn't exist

I can recreate this with a url that doesn't exist:

index.html

<html>
<body>
    <a href="https://foobar">Foobar</a>
</body>
</html>

spec.js

it('Visit cross origin link 3', () => {
  cy.visit('index.html')
  cy.contains('Foobar').click()
  // redirects to chrome-error://chromewebdata/
  cy.url().should('include', 'foobar') // fails
})

  cypress:server:server HTTPS request does not match URL: https://foobar:443 with props: null +1ms
  cypress:https-proxy Making connection to foobar:443 +0ms
  cypress:https-proxy getting proxy URL { port: 443, serverPort: 54700, sniPort: 54702, url: 'https://foobar:443' } +0ms
  cypress:network:connect received error on connect, retrying { iteration: 0, delay: 0, err: Error: getaddrinfo ENOTFOUND foobar     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) { errno: 'ENOTFOUND', code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'foobar' } } +134ms
  cypress:network:connect received error on connect, retrying { iteration: 1, delay: 100, err: Error: getaddrinfo ENOTFOUND foobar     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) { errno: 'ENOTFOUND', code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'foobar' } } +4ms
  cypress:server:run browser launched +935ms
  cypress:network:connect received error on connect, retrying { iteration: 2, delay: 200, err: Error: getaddrinfo ENOTFOUND foobar     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) { errno: 'ENOTFOUND', code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'foobar' } } +105ms
  cypress:network:connect received error on connect, retrying { iteration: 3, delay: 200, err: Error: getaddrinfo ENOTFOUND foobar     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) { errno: 'ENOTFOUND', code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'foobar' } } +206ms
  cypress:network:connect retries exhausted, bubbling up error { iteration: 4, err: Error: getaddrinfo ENOTFOUND foobar     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) { errno: 'ENOTFOUND', code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'foobar' } } +208ms
  cypress:https-proxy received upstreamSocket callback for request { port: '443', hostname: 'foobar', err: Error: getaddrinfo ENOTFOUND foobar     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) { errno: 'ENOTFOUND', code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'foobar' } } +527ms
  cypress:https-proxy received error on client browserSocket { err: Error: getaddrinfo ENOTFOUND foobar     at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:60:26) { errno: 'ENOTFOUND', code: 'ENOTFOUND', syscall: 'getaddrinfo', hostname: 'foobar' }, url: 'foobar:443' } +0ms

www.cypress.io

I can recreate this however visiting our staging or production website, meaning something is changed during deployment that is affecting this.

spec.js

it('Visit cross origin link 3', () => {
  cy.visit('index.html')
  cy.contains('Cypress').click()
// redirects to chrome-error://chromewebdata/
  cy.url().should('include', 'cypress.io') // fails
})

index.html

<html>
<body>
    <a href="https://www.cypress.io/">Cypress</a>
</body>
</html>

  cypress:server:server Got CONNECT request from www.cypress.io:443 +79ms
  cypress:https-proxy Writing browserSocket connection headers { url: 'www.cypress.io:443', headLength: 0, headers: { host: 'www.cypress.io:443', 'proxy-connection': 'keep-alive', 'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Cypress/4.4.0 Chrome/80.0.3987.158 Electron/8.2.0 Safari/537.36' } } +919ms
  cypress:https-proxy Got first head bytes { url: 'www.cypress.io:443', head: '\u0016\u0003\u0001\u0002\u0000\u0001\u0000\u0001�\u0003\u0003�K\u0019�&��N��E�ref�/󺄒���/67�,}� \\�!$��&\u0018��1J\u000e\u001e���h\f���' } +1ms
  cypress:server:server HTTPS request does not match URL: https://www.cypress.io:443 with props: null +1ms
  cypress:https-proxy Making connection to www.cypress.io:443 +0ms
  cypress:https-proxy getting proxy URL { port: 443, serverPort: 54719, sniPort: 54721, url: 'https://www.cypress.io:443' } +0ms
  cypress:network:connect successfully connected { opts: { port: '443', host: 'www.cypress.io', getDelayMsForRetry: [Function: getDelayForRetry] }, iteration: 0 } +207ms
  cypress:https-proxy received upstreamSocket callback for request { port: '443', hostname: 'www.cypress.io', err: undefined } +80ms
  cypress:server:util:socket_whitelist whitelisting socket { localPort: 54733 } +1s
  cypress:server:run browser launched +929ms
  cypress:server:socket automation:request take:screenshot { titles: [ 'Visit cross origin link 3' ], testId: 'r2', simple: true, testFailure: true, capture: 'runner', clip: { x: 0, y: 0, width: 1000, height: 660 }, viewport: { width: 1280, height: 720 }, scaled: true, blackout: [], startTime: '2020-04-14T09:06:11.117Z' } +5s

[MariyaQA]

Cypress version 4.4.0 same issue

trying to test payment methods in sandbox. It's weird that testing of PaySafe method is working correct(transfer from one superdomain to another, fill info and go back), but iDeal method is failed with chrome-error://chromewebdata/ when redirect should perform

[paprikati]

@jennifer-shehane - could it be about CORS? if chrome is hitting the OPTIONS command first, and then gets something it doesn't like and falls over? They made some CORS changes in v76 https://bugs.chromium.org/p/chromium/issues/detail?id=989443

[MisterGlass]

Started seeing this issue in CI yesterday. We pushed a big folder restructure to our repo and it broke builds for a few days, when we were fixing it all we ran into this.

We do not see this running the client CLI or interactive. But we use the cypress/included:4.4.0 docker image to run the tests in CI. I ran my tests from that and was able to reproduce the error locally.

So, it works when invoked in my local (OSX Catalina) shell, but doesn't in the docker image.

[chepelevdi]

Same Issue, any updates on this?

[niallobrien]

Running into this same issue atm.

[poponuts]

Started seeing this issue in CI yesterday. We pushed a big folder restructure to our repo and it broke builds for a few days, when we were fixing it all we ran into this.

We do not see this running the client CLI or interactive. But we use the cypress/included:4.4.0 docker image to run the tests in CI. I ran my tests from that and was able to reproduce the error locally.

So, it works when invoked in my local (OSX Catalina) shell, but doesn't in the docker image.

See if rolling back to the previous version of Cypress works (4.3.0). I used that as a workaround as I had heaps of issues with the latest version.

[jennifer-shehane]

@paprikati Testing this theory - running the test above through Chromium 75 should work. I've run it through Chromium 75 and it is the same failure - rerouting to chrome-error://chromewebdata/, so I don't think this is the issue.

[MisterGlass]

@poponuts Sorry, I forgot to mention, we were on an old version (I think 3.7?) before we ran into this. As one of my early debug steps I upgraded to the highest revision in three and then after a cursory look at the changelog moved to latest.

Big thanks to cypress for making upgrades super easy, no trouble with the major version upgrade.

So I don't think a rollback to 4.3 would help, considering we tried multiple older versions. If I have spare time in the morning I might fire off a run anyway.