chore: enforce strict origin spec bridges

packages/app/src/runner/aut-iframe.ts

@@ -93,7 +93,7 @@ export class AutIframe {
    * Otherwise, if top and the AUT match origins, the method returns true.
    * If the AUT origin is "about://blank", that means the src attribute has been stripped off the iframe and is adhering to same origin policy
    */
-  doesAUTMatchTopSuperOriginPolicy = () => {
+  doesAUTMatchTopOriginPolicy = () => {
     const Cypress = this.eventManager.getCypress()
 
     if (!Cypress) return true
@@ -103,7 +103,7 @@ export class AutIframe {
       const locationTop = Cypress.Location.create(window.location.href)
       const locationAUT = Cypress.Location.create(currentHref)
 
-      return locationTop.superDomainOriginPolicy === locationAUT.superDomainOriginPolicy || locationAUT.superDomainOriginPolicy === 'about://blank'
+      return locationTop.originPolicy === locationAUT.originPolicy || locationAUT.originPolicy === 'about://blank'
     } catch (err) {
       if (err.name === 'SecurityError') {
         return false
@@ -147,7 +147,7 @@ export class AutIframe {
   }
 
   restoreDom = (snapshot) => {
-    if (!this.doesAUTMatchTopSuperOriginPolicy()) {
+    if (!this.doesAUTMatchTopOriginPolicy()) {
       /**
        * A load event fires here when the src is removed (as does an unload event).
        * This is equivalent to loading about:blank (see https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-src).

packages/app/src/runner/event-manager.ts

@@ -611,8 +611,8 @@ export class EventManager {
     })
 
     // Reflect back to the requesting origin the status of the 'duringUserTestExecution' state
-    Cypress.primaryOriginCommunicator.on('sync:during:user:test:execution', ({ specBridgeResponseEvent }, superDomainOriginPolicy) => {
-      Cypress.primaryOriginCommunicator.toSpecBridge(superDomainOriginPolicy, specBridgeResponseEvent, cy.state('duringUserTestExecution'))
+    Cypress.primaryOriginCommunicator.on('sync:during:user:test:execution', ({ specBridgeResponseEvent }, originPolicy) => {
+      Cypress.primaryOriginCommunicator.toSpecBridge(originPolicy, specBridgeResponseEvent, cy.state('duringUserTestExecution'))
     })
 
     Cypress.on('request:snapshot:from:spec:bridge', ({ log, name, options, specBridge, addSnapshot }: {
@@ -653,22 +653,22 @@ export class EventManager {
       Cypress.primaryOriginCommunicator.toAllSpecBridges('before:unload', origin)
     })
 
-    Cypress.primaryOriginCommunicator.on('expect:origin', (superDomainOriginPolicy) => {
-      this.localBus.emit('expect:origin', superDomainOriginPolicy)
+    Cypress.primaryOriginCommunicator.on('expect:origin', (originPolicy) => {
+      this.localBus.emit('expect:origin', originPolicy)
     })
 
-    Cypress.primaryOriginCommunicator.on('viewport:changed', (viewport, superDomainOriginPolicy) => {
+    Cypress.primaryOriginCommunicator.on('viewport:changed', (viewport, originPolicy) => {
       const callback = () => {
-        Cypress.primaryOriginCommunicator.toSpecBridge(superDomainOriginPolicy, 'viewport:changed:end')
+        Cypress.primaryOriginCommunicator.toSpecBridge(originPolicy, 'viewport:changed:end')
       }
 
       Cypress.primaryOriginCommunicator.emit('sync:viewport', viewport)
       this.localBus.emit('viewport:changed', viewport, callback)
     })
 
-    Cypress.primaryOriginCommunicator.on('before:screenshot', (config, superDomainOriginPolicy) => {
+    Cypress.primaryOriginCommunicator.on('before:screenshot', (config, originPolicy) => {
       const callback = () => {
-        Cypress.primaryOriginCommunicator.toSpecBridge(superDomainOriginPolicy, 'before:screenshot:end')
+        Cypress.primaryOriginCommunicator.toSpecBridge(originPolicy, 'before:screenshot:end')
       }
 
       handleBeforeScreenshot(config, callback)
@@ -861,9 +861,9 @@ export class EventManager {
     this.ws.emit('spec:changed', specFile)
   }
 
-  notifyCrossOriginBridgeReady (superDomainOriginPolicy) {
+  notifyCrossOriginBridgeReady (originPolicy) {
     // Any multi-origin event appends the origin as the third parameter and we do the same here for this short circuit
-    Cypress.primaryOriginCommunicator.emit('bridge:ready', undefined, superDomainOriginPolicy)
+    Cypress.primaryOriginCommunicator.emit('bridge:ready', undefined, originPolicy)
   }
 
   snapshotUnpinned () {

packages/app/src/runner/index.ts

@@ -98,7 +98,7 @@ function createIframeModel () {
     autIframe.detachDom,
     autIframe.restoreDom,
     autIframe.highlightEl,
-    autIframe.doesAUTMatchTopSuperOriginPolicy,
+    autIframe.doesAUTMatchTopOriginPolicy,
     getEventManager(),
     {
       selectorPlaygroundModel: getEventManager().selectorPlaygroundModel,
@@ -194,11 +194,11 @@ export async function teardown () {
  * Add a cross origin iframe for cy.origin support
  */
 export function addCrossOriginIframe (location) {
-  const id = `Spec Bridge: ${location.superDomainOriginPolicy}`
+  const id = `Spec Bridge: ${location.originPolicy}`
 
   // if it already exists, don't add another one
   if (document.getElementById(id)) {
-    getEventManager().notifyCrossOriginBridgeReady(location.superDomainOriginPolicy)
+    getEventManager().notifyCrossOriginBridgeReady(location.originPolicy)
 
     return
   }
@@ -209,7 +209,7 @@ export function addCrossOriginIframe (location) {
     // container since it needs to match the size of the top window for screenshots
     $container: document.body,
     className: 'spec-bridge-iframe',
-    src: `${location.superDomainOriginPolicy}/${getRunnerConfigFromWindow().namespace}/spec-bridge-iframes`,
+    src: `${location.originPolicy}/${getRunnerConfigFromWindow().namespace}/spec-bridge-iframes`,
   })
 }