chore: [Multi-origin] Correctly find the spec bridge if chromeWebSecurity set to false.

[mjhenkes]

• Closes

User facing changelog

n/a

Additional details

If chromeWebSecurity is set to false we can't rely on a security error to identify the correct spec bridge.

This PR adds some check to verify we are on the correct origin policy for the spec bridge.

How has the user experience changed?

PR Tasks

• Have tests been added/updated?
• Has the original issue (or this PR, if no issue exists) been tagged with a release in ZenHub? (user-facing changes only)
• Has a PR for user-facing changes been opened in cypress-documentation?
• Have API changes been updated in the type definitions?
• Have new configuration options been added to the cypress.schema.json?

[cypress-bot]

Thanks for taking the time to open a PR!

• Create a Draft Pull Request if your PR is not ready for review. Mark the PR as Ready for Review when you're ready for a Cypress team member to review the PR.
• Become familiar with the Code Review Checklist for guidelines on coding standards and what needs to be done before a PR can be merged.

[cypress]

---

Test summary

20731 • 0 • 258 • 4 • 3

---

Run details

Project	cypress
Status	Passed
Commit	653988b
Started	Apr 18, 2022 8:24 PM
Ended	Apr 18, 2022 8:41 PM
Duration	16:18 💡
OS	Linux Debian - 10.10
Browser	Multiple

View run in Cypress Dashboard ➡️

---

Flakiness

	cypress/integration/cypress/proxy-logging_spec.ts		3
1	Proxy Logging > request logging > xhr log has response body/status code when xhr response is logged second
2	Proxy Logging > request logging > xhr log has response body/status code when xhr response is logged second
3	Proxy Logging > request logging > xhr log has response body/status code when xhr response is logged second

---

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

[emilyrohrbough]

Given the PR title, I expect this test or a few tests to explicitly set chromeWebSecurity: false. Given we can't update that mid-test, it seems like a system-test should have been added to validate this??

[mjhenkes]

The 'positive' case of the code is tested for each origin. We verify the port, protocol, and that the host ends with the host from the spec bridge. You are correct that the 'negative' is not tested. I made the call that testing this case did not nessitate the cost of adding a system test (System tests seem expensive to me 🤷‍♂️ ). I can add a system test if the group disagrees with that reasoning.

[AtofStryker]

I could see the possibility of users maybe having chromeWebSecurity set to false while experimenting with cy.origin if they are trying the command out in their test suite without trying to refactor the rest of their tests, though I don't think this would be a pattern we would want to encourage. IMO, The system test could prove valuable, which we could shed the cost of once we remove chromeWebSecurity.

[mjhenkes]

I've updated an existing system test for chromeWebSecurity to also test this case.

[AtofStryker]

was a little late 😆

[AtofStryker]

I could see the possibility of users maybe having chromeWebSecurity set to false while experimenting with cy.origin if they are trying the command out in their test suite without trying to refactor the rest of their tests, though I don't think this would be a pattern we would want to encourage. IMO, The system test could prove valuable, which we could shed the cost of once we remove chromeWebSecurity.