scottohara / loot

An implementation of some of the core MS Money features in Ruby on Rails
MIT License

Understand why chromeWebSecurity: false is needed #181

Open scottohara opened 4 years ago

scottohara commented 4 years ago

As described in the Cypress docs, same-origin policy can cause issues with cross-origin iframes etc.

However, we don't use cross-origin iframes, navigate to other domains or perform any JS redirects. We're an SPA with client-side routing, and the URL never changes.

So it is unclear why we still need to set chromeWebSecurity: false in our cypress.json config.

Without this setting, when calling cy.visit("/#!/some/route"); (which should not change the origin or do anything with iframes), we get the following error:

[image: loot]

Would like to understand why Cypress thinks this is a cross-origin frame.

scottohara commented 4 years ago

Suspecting it may be something to do with the /#!/ in the path, also tried different combinations of:

// cypress.json - "baseUrl": "http://localhost:5000"
cy.visit("/#!/accounts");

// cypress.json - "baseUrl": "http://localhost:5000/#!"
cy.visit("/accounts");

// cypress.json - "baseUrl": "http://localhost:5000/#!/"
cy.visit("accounts");

Same result each time.

scottohara commented 2 years ago

On further inspection (after having removed & re-added chromeWebSecurity: false numerous times), setting this option controls the --disable-web-security command-line argument when launching Chrome:

https://github.com/cypress-io/cypress/blob/f79bdd665ada815fbfa238baac7a66c38d3b5d82/packages/server/lib/browsers/chrome.ts#L405-L408

In turn, this command-line argument controls numerous things in Chrom(e|ium), including CORS.

Another error we have seen is cannot set property name of which has only a getter, which is resolved by disabling web security.
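
One way to confirm from inside a test run which security-relaxing switches the configured browser is launched with, using Cypress's before:browser:launch plugin event. This is an added example, not code from the loot repository or from Cypress. The helper names are hypothetical, the second flag in the list is a related Chrome switch chosen here, and it assumes Cypress has already placed its own flags in launchOptions.args when the event fires.

```javascript
// Added example: audit the Chrome arguments Cypress is about to launch with.
// "--disable-web-security" is the flag named in the thread; the second entry
// is a related Chrome switch (assumption: worth reporting alongside it).
const RELAXING_FLAGS = [
  "--disable-web-security",
  "--allow-running-insecure-content",
];

// Return the security-relaxing switches present in a Chrome argument list.
// Accepts both "--flag" and "--flag=value" forms; other switches are ignored.
function findRelaxingFlags(args) {
  return args
    .map((arg) => String(arg).split("=")[0])
    .filter((name) => RELAXING_FLAGS.includes(name));
}

// Hypothetical helper: call it from the Cypress plugins file with the `on`
// function Cypress passes in. `log` is injectable so CI can fail the build
// instead of only warning.
function registerLaunchAudit(on, log = console.warn) {
  on("before:browser:launch", (browser = {}, launchOptions) => {
    // Non-Chromium browsers may not supply an args array.
    const found = findRelaxingFlags(launchOptions.args || []);
    if (found.length > 0) {
      log(`[launch-audit] ${browser.name} starts with: ${found.join(", ")}`);
    }
    return launchOptions; // unchanged: this hook only observes
  });
}
```

In a plugins file this would be wired up as `module.exports = (on, config) => { registerLaunchAudit(on); }`.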