chore: wire CDP Fetch runtime when proxy is disabled#34276
Conversation
cypress
|
||||||||||||||||||||||||||||
| Project |
cypress
|
| Branch Review |
cacie/34271/cdp-runtime-when-proxy-disabled
|
| Run status |
|
| Run duration | 08m 03s |
| Commit |
|
| Committer | Bill Glesias |
| View all properties for this run ↗︎ | |
| Test results | |
|---|---|
|
|
0
|
|
|
0
|
|
|
3
|
|
|
0
|
|
|
0
|
| View all changes introduced in this branch ↗︎ | |
Warning
No Report: Something went wrong and we could not generate a report for the Application Quality products.
Co-authored-by: Cursor <cursoragent@cursor.com>
Merging develop reintroduced CreateProxyRuntimeDeps on createCdpFetchRuntime, which broke the proxy-disabled call site that only passes client/isAUTFrame. Co-authored-by: Cursor <cursoragent@cursor.com>
Reset clears in-flight state without disabling Fetch, and continueRequest headers always include X-Cypress-Is-AUT-Frame when the request is AUT-frame. Co-authored-by: Cursor <cursoragent@cursor.com>
00ca773 to
72d49a8
Compare
…ions Cfg.clientRoute is optional because RuntimeConfigOptions extends Partial<RuntimeServerConfigOptions>. Reuse InternalRouteConfig for CDP Fetch runtime deps so server-base can pass _openConfig without TS2322. Co-authored-by: Cursor <cursoragent@cursor.com>
703bf54 to
08027c5
Compare
…bled startWebsockets left options.getRenderedHTMLOrigins undefined without a networkProxy, but the driver requests the map in its before-each via reset:cached:test:state, crashing socket-base and skipping all tests. Fall back to an empty map until CDP-based injection tracks origins. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
…header The serve-internal-routes loopback request line is path-only, so Express consumers that derive the request origin from req.proxiedUrl (e.g. the spec-bridge iframe controller) saw a path instead of an origin. Send the browser's original absolute URL as the loopback header value and have setProxiedUrl restore it as proxiedUrl for trusted loopbacks. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
… to documents - Swallow rejections when stopping the previous CDP Fetch runtime so a dead page client (spec change, relaunch) cannot fail the next launch - Only inject X-Cypress-Is-AUT-Frame on document requests, matching the other automation layers, and dedupe it on redirect re-pauses so it never leaks to origin servers on AUT subresource traffic - Share the AUT_FRAME_HEADER constant across the CDP/BiDi/WebKit layers - Make CdpFetchTransport.reset() synchronous and document that `hosts` and `blockHosts` are not enforced in proxy-disabled mode Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Want reviews to match your repository better? Bugbot Learning can learn team-specific rules from PR activity. A team admin can enable Learning in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit a880bfb. Configure here.
| headers.push({ | ||
| name: AUT_FRAME_HEADER, | ||
| value: 'true', | ||
| }) |
There was a problem hiding this comment.
AUT header leaks upstream without proxy
Medium Severity
With the MITM proxy disabled, CDP Fetch adds X-Cypress-Is-AUT-Frame on AUT document Fetch.continueRequest calls. That traffic no longer passes through NetworkProxy request middleware, which previously removed the header before upstream requests. External AUT navigations can therefore send this internal Cypress marker to the application origin.
Reviewed by Cursor Bugbot for commit a880bfb. Configure here.


Additional details
Wires the CDP Fetch network runtime when the MITM proxy is disabled (
CYPRESS_INTERNAL_DISABLE_PROXY), so AUT request/response traffic is surfaced through CDP Fetch instead of the Node proxy.ServerBase.createCdpFetchNetworkRuntimeand hooks it from Chrome/Electron viaonPageCriClientReadywhen the proxy is disabledcreateCdpFetchRuntimeto a lightweight HttpIntercept + CdpFetchTransport path (no legacy NetworkProxy pipeline)isAUTFrameinto the CDP Fetch transport for AUT-frame correlationDepends on the CDP Fetch transport from #34222.
Steps to test
CYPRESS_INTERNAL_DISABLE_PROXY=1) against a Chromium browser.How has the user experience changed?
No change for default (proxy-enabled) runs. Enables the proxy-disabled CDP Fetch path for the HTTP/2 interception migration.
PR Tasks
cypress-documentation?type definitions?Made with Cursor