fix: Prepare for Chrome's update for immutable document.domain (#20405)

* Setting response header for origin-agent-cluster for runner, iframes, and proxied requests that have domain injection

* Adding comments around header injection

* Adding unit tests

packages/proxy/lib/http/response-middleware.ts

@@ -261,6 +261,17 @@ const SetInjectionLevel: ResponseMiddleware = function () {
     this.res.wantsInjection = getInjectionLevel()
   }
 
+  if (this.res.wantsInjection) {
+    // Chrome plans to make document.domain immutable in Chrome 106, with the default value
+    // of the Origin-Agent-Cluster header becoming 'true'. We explicitly disable this header
+    // so that we can continue to support tests that visit multiple subdomains in a single spec.
+    // https://github.com/cypress-io/cypress/issues/20147
+    //
+    // We set the header here only for proxied requests that have scripts injected that set the domain.
+    // Other proxied requests are ignored.
+    this.res.setHeader('Origin-Agent-Cluster', '?0')
+  }
+
   this.res.wantsSecurityRemoved = this.config.modifyObstructiveCode && isReqMatchOriginPolicy && (
     (this.res.wantsInjection === 'full')
     || resContentTypeIsJavaScript(this.incomingRes)

packages/proxy/test/unit/http/response-middleware.spec.ts

@@ -127,4 +127,66 @@ describe('http/response-middleware', function () {
       }
     }
   })
+
+  describe('SetInjectionLevel', function () {
+    const { SetInjectionLevel } = ResponseMiddleware
+
+    let ctx
+
+    beforeEach(function () {
+      ctx = {
+        req: {
+          proxiedUrl: 'http://proxy.com',
+          cookies: {
+            '__cypress.initial': true,
+          },
+          headers: {
+            accept: ['text/html', 'application/xhtml+xml'],
+          },
+        },
+        res: {
+          setHeader: sinon.stub(),
+        },
+        getRemoteState: () => {
+          return {
+            strategy: 'http',
+            props: {
+              domain: 'proxy',
+              port: '80',
+              tld: 'com',
+            },
+          }
+        },
+        getRenderedHTMLOrigins: () => {
+          return {}
+        },
+      }
+    })
+
+    it('does not set Origin-Agent-Cluster header to false when injection is not expected', function () {
+      ctx.incomingRes = {
+        headers: {
+          'content-type': 'foo/bar',
+        },
+      }
+
+      return testMiddleware([SetInjectionLevel], ctx)
+      .then(() => {
+        expect(ctx.res.setHeader).not.to.be.calledWith('Origin-Agent-Cluster', '?0')
+      })
+    })
+
+    it('sets Origin-Agent-Cluster header to false when injection is expected', function () {
+      ctx.incomingRes = {
+        headers: {
+          'content-type': 'text/html',
+        },
+      }
+
+      return testMiddleware([SetInjectionLevel], ctx)
+      .then(() => {
+        expect(ctx.res.setHeader).to.be.calledWith('Origin-Agent-Cluster', '?0')
+      })
+    })
+  })
 })

packages/server/lib/controllers/iframes.ts

@@ -31,6 +31,12 @@ export const iframesController = {
       extraOptions,
     })
 
+    // Chrome plans to make document.domain immutable in Chrome 106, with the default value
+    // of the Origin-Agent-Cluster header becoming 'true'. We explicitly disable this header
+    // so that we can continue to support tests that visit multiple subdomains in a single spec.
+    // https://github.com/cypress-io/cypress/issues/20147
+    res.setHeader('Origin-Agent-Cluster', '?0')
+
     files.handleIframe(req, res, config, getRemoteState, extraOptions)
   },
 

packages/server/lib/controllers/runner.ts

@@ -33,6 +33,12 @@ export const serveRunner = (runnerPkg: RunnerPkg, config: Cfg, res: Response) =>
 
   const runnerPath = process.env.CYPRESS_INTERNAL_RUNNER_PATH || getPathToIndex(runnerPkg)
 
+  // Chrome plans to make document.domain immutable in Chrome 106, with the default value
+  // of the Origin-Agent-Cluster header becoming 'true'. We explicitly disable this header
+  // so that we can continue to support tests that visit multiple subdomains in a single spec.
+  // https://github.com/cypress-io/cypress/issues/20147
+  res.setHeader('Origin-Agent-Cluster', '?0')
+
   return res.render(runnerPath, {
     base64Config,
     projectName: config.projectName,

packages/server/test/unit/iframes_spec.js

@@ -0,0 +1,32 @@
+require('../spec_helper')
+
+const { iframesController } = require(`${root}/lib/controllers/iframes`)
+const files = require(`${root}/lib/controllers/files`)
+
+describe('controllers/iframes', () => {
+  describe('e2e', () => {
+    it('sets Origin-Agent-Cluster response header to false', () => {
+      sinon.stub(files, 'handleIframe')
+
+      const mockReq = {}
+      const mockRes = {
+        setHeader: sinon.stub(),
+      }
+
+      const controllerOptions = {
+        getSpec: sinon.stub(),
+        getRemoteState: sinon.stub(),
+        config: {},
+      }
+
+      iframesController.e2e(controllerOptions, mockReq, mockRes)
+
+      expect(mockRes.setHeader).to.have.been.calledWith('Origin-Agent-Cluster', '?0')
+      expect(files.handleIframe).to.have.been.calledWith(
+        mockReq, mockRes, controllerOptions.config, controllerOptions.getRemoteState, sinon.match({
+          specFilter: undefined, specType: 'integration',
+        }),
+      )
+    })
+  })
+})

packages/server/test/unit/runner_spec.js

@@ -0,0 +1,19 @@
+require('../spec_helper')
+
+const { serveRunner } = require(`${root}/lib/controllers/runner`)
+
+describe('controllers/runner', () => {
+  describe('serveRunner', () => {
+    it('sets Origin-Agent-Cluster response header to false', () => {
+      const mockRes = {
+        setHeader: sinon.stub(),
+        render: sinon.stub(),
+      }
+
+      serveRunner('runner', {}, mockRes)
+
+      expect(mockRes.setHeader).to.have.been.calledWith('Origin-Agent-Cluster', '?0')
+      expect(mockRes.render).to.have.been.called
+    })
+  })
+})