Skip to content

chore: clean up the server cookie automation converters and various automation code#34248

Open
AtofStryker wants to merge 6 commits into
developfrom
refactor/automation_client_p3
Open

chore: clean up the server cookie automation converters and various automation code#34248
AtofStryker wants to merge 6 commits into
developfrom
refactor/automation_client_p3

Conversation

@AtofStryker

@AtofStryker AtofStryker commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator
  • Closes N/A — cleanup driven by the cookie automation consolidation (explained below)

Additional details

Stacked on #34245 (refactor/automation_client_p2), which stacks on #34244 — this PR targets the p2 branch.

Unlike the earlier PRs in this stack, this one does contain behavior changes. The goal is no regressions — each change below is either provably unreachable code, or a deliberate contract cleanup with the reasoning spelled out. New direct unit tests pin all of it.

Behavior changes, each with its no-regression rationale:

  1. Removed obsolete Firefox-CDP handling from cdp_automation.ts. Firefox runs exclusively through WebDriver BiDi (and upstream Firefox removed CDP entirely), so two accommodations are unreachable: the URL hash strip in onNetworkRequestWillBeSent (Firefox CDP bug — Chromium strips fragments per spec before the network layer) and the ffToStandardResourceTypeMap (img/csp/webmanifest are Firefox-CDP type names; I enumerated the possible inputs — Chromium CDP's PascalCase ResourceType enum and playwright's lowercase resource types — and neither can produce them). The validResourceTypes allowlist itself is untouched since its membership defines live cy.intercept resourceType behavior, and new tests pin the full mapping for every CDP and playwright value.

  2. clear:cookies (CDP) no longer emits undefined placeholder entries for cookies that don't exist at clear time. The placeholders were a Bluebird.mapSeries artifact that survived to the driver unfiltered — but they're only producible via a race, because the driver fetches existing cookies immediately before clearing them. The response now reports only cookies actually cleared.

  3. Minimum supported Firefox is now 140. Firefox support is rolling — versions 135–139 are no longer maintained by Mozilla, and ESR 140 is the oldest line Mozilla ships. Their BiDi implementations also predate the default sameSite value Cypress relies on, which is what motivated this: with the floor at 140, the Firefox-version sameSite guard and all its majorFirefoxVersion parameter threading come out of convertSameSiteExtensionToBiDi, convertCyCookieToBiDiCookie, and BidiAutomation. No changelog entry: Cypress documents rolling support for the last 3 major versions of each browser, so moving the enforcement floor is housekeeping rather than a policy change.

  4. The CDP cookie converters are now pure functions. convertCdpCookieToCyCookie previously mutated the incoming CDP cookie in place behind seven @ts-ignores and returned it — it now builds a fresh CyCookie (which also stops passing through CDP-only fields like size/session; the automation layer already stripped those via _.pick before they reached the driver). convertCyCookieToCdpCookie loses a delete cookie.hostOnly input side effect that never influenced the outgoing SetCookieRequest. CyCookie.hostOnly becomes optional to reflect that every producer sets it conditionally — the required field inherited from chrome.cookies.Cookie was what forced the @ts-ignores. The existing middleware deep-equality specs pass unchanged, confirming identical output shapes.

Behavior-neutral commits alongside:

  • The per-protocol converters are renamed for the dialects they translate: convertCdpCookieToCyCookie / convertCyCookieToCdpCookie (formerly normalizeGetCookieProps / normalizeSetCookieProps in the cdp converter), convertPlaywrightCookieToCyCookie / convertCyCookieToPlaywrightCookie (formerly the same normalize* names in the webkit converter), and convertSameSiteExtensionToPlaywright (formerly ...ToCypress, which misdescribed its output vocabulary). normalize* now exclusively means the within-dialect cleanup in cookie/automation.ts.
  • The sameSite vocabulary is consolidated into cookie/util.ts (ExtensionSameSiteStatus + sameSiteExtensionToProtocolMap), replacing three hand-written copies.
  • New direct unit specs under test/unit/automation/cookie/converters/ (48 tests) mirror the lib layout so they move with the code when it's eventually extracted from the server package. They cover previously-untested surfaces: the __Host- domain→url swap, isHostOnlyCookie edge cases (dot-prefix/localhost/IP), the playwright converters (no prior cookie-shape coverage at all), and purity pins on every converter.

Steps to test

yarn workspace @packages/server test-unit -- cdp_spec      # new: CDP converter suite
yarn workspace @packages/server test-unit -- bidi_spec     # new: BiDi converter suite
yarn workspace @packages/server test-unit -- webkit_spec   # new: playwright converter suite
yarn workspace @packages/server test-unit -- util_spec     # cookieMatches + isHostOnlyCookie
yarn workspace @packages/server test-unit -- automation    # middleware behavior (unchanged assertions)
yarn workspace @packages/launcher test                     # validator floor + detection fixtures

Firefox e2e/system jobs run against Firefox 141+ in CI, so the floor bump doesn't change what CI exercises.

How has the user experience changed?

Users launching Firefox 135–139 now see the unsupported-browser warning ("Cypress does not support running Firefox version NNN due to an incomplete WebDriver BiDi implementation. To use Firefox with Cypress, install version 140 or newer.") where those versions previously launched. No other user-visible change.

PR Tasks

  • [na] Is there an associated issue with maintainer approval for PR submission? — internal cleanup within the cookie automation consolidation stack
  • Have tests been added/updated?
  • Has a PR for user-facing changes been opened in cypress-documentation? — the documented minimum Firefox version needs updating to 140; will link the docs PR here
  • [na] Have API changes been updated in the type definitions?

Note

Medium Risk
Touches cookie get/set/clear across CDP and BiDi and changes supported Firefox versions (135–139 blocked); behavior is heavily unit-tested but cookie automation is user-facing.

Overview
Refactors server cookie automation so CDP, BiDi, and WebKit/Playwright converters are pure, renamed (convert*), and sameSite mapping lives in cookie/util.ts (ExtensionSameSiteStatus, sameSiteExtensionToProtocolMap) instead of three copies.

Firefox 140+ is now required in the launcher validator (was 135); BiDi drops majorFirefoxVersion sameSite workarounds because older Firefox BiDi lacked the default sameSite value.

CDP path: converters build fresh CyCookie objects (no in-place mutation / CDP-only fields leaking); clear:cookies omits undefined entries for cookies already gone; Firefox-CDP-only URL hash stripping and ffToStandardResourceTypeMap are removed from cdp_automation (Firefox uses BiDi only).

Adds unit specs under test/unit/automation/cookie/converters/ and updates launcher/driver tests for the new Firefox floor and e2e sameSite comment.

Reviewed by Cursor Bugbot for commit 3b14a28. Bugbot is set up for automated code reviews on this repo. Configure here.

@AtofStryker AtofStryker self-assigned this Jul 8, 2026
@cypress

cypress Bot commented Jul 8, 2026

Copy link
Copy Markdown

cypress    Run #72361

Run Properties:  status check passed Passed #72361  •  git commit 3b14a28063: test(server): add direct unit coverage for the cookie converters
Project cypress
Branch Review refactor/automation_client_p3
Run status status check passed Passed #72361
Run duration 15m 57s
Commit git commit 3b14a28063: test(server): add direct unit coverage for the cookie converters
Committer Bill Glesias
View all properties for this run ↗︎

Test results
Tests that failed  Failures 0
Tests that were flaky  Flaky 7
Tests that did not run due to a developer annotating a test with .skip  Pending 1113
Tests that did not run due to a failure in a mocha hook  Skipped 0
Tests that passed  Passing 24944
View all changes introduced in this branch ↗︎

Warning

No Report: Something went wrong and we could not generate a report for the Application Quality products.

@AtofStryker AtofStryker force-pushed the refactor/automation_client_p2 branch from ec4798a to b1d8540 Compare July 9, 2026 12:28
@AtofStryker AtofStryker force-pushed the refactor/automation_client_p3 branch 2 times, most recently from 477ac31 to 740d5eb Compare July 9, 2026 12:35
@AtofStryker AtofStryker changed the title misc: bump minimum supported Firefox to 140 and clean up the cookie converters misc: clean up the server cookie automation converters Jul 9, 2026
Base automatically changed from refactor/automation_client_p2 to develop July 14, 2026 13:46
AtofStryker and others added 6 commits July 14, 2026 10:47
…ation

Firefox runs exclusively through WebDriver BiDi (upstream Firefox removed CDP
support entirely), so the Firefox-CDP accommodations in cdp_automation are
unreachable:

- the URL hash strip in onNetworkRequestWillBeSent existed for a Firefox CDP
  bug (bugzilla 1715366); the remaining CDP consumers are all Chromium, which
  strips fragments before the network layer per spec. Its pinned unit test is
  removed with it.
- ffToStandardResourceTypeMap ('img'/'csp'/'webmanifest') and the redundant
  'img' special case in normalizeResourceType map Firefox-CDP type names that
  neither Chromium CDP (PascalCase enum) nor playwright (webkit-automation's
  input, already lowercase) can produce. The validResourceTypes allowlist is
  unchanged — its membership defines live cy.intercept resourceType behavior —
  and new unit tests pin the full mapping for every CDP and playwright value.

Also in the same cleanup: clear:cookies no longer emits undefined placeholder
entries for cookies that don't exist at clear time. The entries were a
Bluebird.mapSeries artifact, survive to the driver unfiltered, and are only
producible via a race (the driver fetches existing cookies immediately before
clearing them), so the response now reports only cookies actually cleared.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…anslate

Renames the per-protocol cookie helpers in lib/automation/cookie/converters
to the convert{Dialect}CookieToCyCookie / convertCyCookieTo{Dialect}Cookie
convention bidi.ts already used, since each one translates between the
WebExtension-style CyCookie and a protocol's own cookie shape:

- cdp.ts: normalizeGetCookieProps -> convertCdpCookieToCyCookie,
  normalizeGetCookies -> convertCdpCookiesToCyCookies,
  normalizeSetCookieProps -> convertCyCookieToCdpCookie
- webkit.ts: normalizeGetCookieProps -> convertPlaywrightCookieToCyCookie,
  normalizeSetCookieProps -> convertCyCookieToPlaywrightCookie, and
  convertSameSiteExtensionToCypress -> convertSameSiteExtensionToPlaywright
  (it returns playwright's sameSite vocabulary, not Cypress's)

The normalize* helpers in cookie/automation.ts keep their names — they
normalize within the automation cookie shape rather than crossing dialects.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The extension-dialect sameSite vocabulary was declared three times: an
extensionMap const in converters/webkit.ts, an inline object literal in
converters/cdp.ts, and a hand-written union on BidiCyCookie in
converters/bidi.ts. cookie/util.ts now owns both pieces:

- ExtensionSameSiteStatus (mirrors chrome.cookies.SameSiteStatus), which
  CyCookie.sameSite Excludes 'unspecified' from and BidiCyCookie widens back
- sameSiteExtensionToProtocolMap, shared by the cdp and webkit converters
  (CDP's Network.CookieSameSite and playwright's sameSite are the same three
  PascalCase values)

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Firefox versions 135-139 are no longer maintained by Mozilla (support is
rolling, and ESR 140 is the oldest release line Mozilla currently ships), and
their WebDriver BiDi implementations predate the 'default' sameSite cookie
value Cypress relies on.

With the floor at 140, the Firefox-version guard from 9ef239e comes out:
convertSameSiteExtensionToBiDi no longer needs a majorFirefoxVersion to pick
between 'none' and 'default' for unspecified cookies, so the parameter and
the BidiAutomation.majorFirefoxVersion plumbing that fed it are removed, and
'unspecified'/undefined both map to 'default' unconditionally. The
"Firefox 139 and under" unit test is deleted with the behavior; the launcher
validator test and linux detection fixtures move to 140.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
convertCdpCookieToCyCookie built its result by mutating the incoming CDP
cookie in place behind a pile of @ts-ignores; it now constructs a fresh
CyCookie. The delete/reassign expiry dance becomes a ternary on the -1
session sentinel, and hostOnly is stamped conditionally as before. CDP-only
fields (size, session, priority, ...) are no longer passed through — the
automation layer already stripped them via _.pick before they reached the
driver.

convertCyCookieToCdpCookie loses its `delete cookie.hostOnly` input side
effect, which never influenced the outgoing SetCookieRequest (there is no
hostOnly field on it).

CyCookie.hostOnly is now optional rather than inheriting chrome.cookies.
Cookie's required field — every producer sets it conditionally, and the
required type is what forced the @ts-ignores. convertSameSiteCdpToExtension
is typed for what callers pass (sameSite is optional on CDP cookies) and
returns CyCookie['sameSite'] instead of the ambient chrome type.

The webkit and bidi converters already built fresh objects; with this, every
converter in lib/automation/cookie/converters is pure.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
The converters in lib/automation/cookie were only exercised transitively
through the browser automation middleware specs, which left real gaps: the
__Host- prefix handling in the CDP set path was untested anywhere, the
playwright/webkit converters had no cookie-shape assertions at all, and
isHostOnlyCookie's edge cases (dot-prefixed domains, localhost, IP
addresses) had no direct pins.

New specs mirror the lib layout under test/unit/automation/cookie/converters
so they can move with the code when it is extracted from the server package,
and they test only the exported surfaces:

- cdp_spec: expires/expirationDate conversions incl. the -1 session
  sentinel, hostOnly stamping, sameSite both directions, dot-prefixing,
  __Host- domain-to-url swap, and purity pins (inputs untouched, CDP-only
  fields dropped)
- bidi_spec: default/unspecified and no_restriction/none sameSite
  conversions, float and -Infinity expiry handling, hostOnly domain rules,
  and purity pins
- webkit_spec: playwright cookie shape mapping, session sentinel, sameSite
  vocabulary, and purity pins
- util_spec: isHostOnlyCookie edge cases

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@AtofStryker AtofStryker force-pushed the refactor/automation_client_p3 branch from 740d5eb to 3b14a28 Compare July 14, 2026 14:54
@AtofStryker AtofStryker changed the title misc: clean up the server cookie automation converters chore: clean up the server cookie automation converters Jul 14, 2026
@AtofStryker AtofStryker requested review from a team and mschile July 14, 2026 15:01
@AtofStryker AtofStryker changed the title chore: clean up the server cookie automation converters chore: clean up the server cookie automation converters and various automation code Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants