Cookie not stored correctly with Cypress

[abin53]

When I visit my site(https) directly, the certificate is verified, however the browser launched through Cypress is showing it as "Not Secure". Cypress says this is only cosmetic issue. But because of this our application fails since browser doesn't have a cookie with secure attribute set which in non-cypress browser works fine ?

This doesn't happen while using chrome. But with other browsers like electron, pupputeer chrome etc

Any thoughts? I'm new with Cypress. Point to me if I'm missing something.

[gkatsanos]

@abin53 how do you set the cookie via Cypress? have you looked into https://docs.cypress.io/api/cypress-api/cookies ?

[abin53]

I dont set cookies via Cypress. Our application backend sets a cookie which is secure. And it works fine. Now since while I test/run our application within Cypress test runner the certificate is invalid it shows not secure therefore this cookie which I was talking about will not be set in Cypress browser. That's my concern.

Appreciate your reply.

[gkatsanos]

You should mock the cookie and set it via Cypress following the guide above, don't count on your application to do this.

[abin53]

Thats not an option. This is csrf cookie which is validated at backend for every api calls(send as request header).

[abin53]

In continuation to above discussion

I had to remove the 'secure' attribute from my cookie to continue

Still the cookie was not set in the browser for Cypress runs. I checked further to find out that:

Cypress make all set-cookie response headers into one single set-cookie header which makes cookies to be set with incorrect cookie path; which makes it an issue.

Attaching some screenshots:

1. Actual application in browser ( not with Cypress run )
   

Note : multiple set cookie header present: XSRF-TOKEN is the cookie of discussion here which is set correctly with path = '/' and httpOnly as false

2. Application with Cypress run
   

Note : set-cookie header combined into single set-cookie. And also path '/scv' is incorrect. expected was '/'

3. Response cookie
   

The actual path for XSRF-TOKEN cookie was '/' but with single set-cookie and now it's being wrongly set as '/scv' which breaks the application under test. Also cookie is marked as httpOnly which isn't.

Probably path and httonly are taken from the last cookies(JSESSIONID) information which is incorrect

Versions :
Node 12.20.1
Cypress : 7.1.0

[abin53]

Checked for latest cypress version 10.3.0, still same issue is present

[alperen-bircak]

I am dealing with this issue as well, please revive this issue