Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Subtle Crypto not available in Firefox #14600

Closed
j-berman opened this issue Jan 16, 2021 · 21 comments
Closed

Subtle Crypto not available in Firefox #14600

j-berman opened this issue Jan 16, 2021 · 21 comments
Assignees
Labels
browser: firefox E2E Issue related to end-to-end testing existing workaround stale no activity on this issue for a long period type: unexpected behavior User expected result, but got another

Comments

@j-berman
Copy link

j-berman commented Jan 16, 2021

Current behavior

Subtle Crypto (window.crypto.subtle) is undefined in Firefox 84.

First noticed my CI tests in Firefox were failing, then reproduced locally by updating my local Firefox (and Cypress) to the latest.

Desired behavior

Subtle crypto to be available in Firefox Cypress tests.

Test code to reproduce

it('Subtle crypto unavailable', function () {
    cy.visit('./cypress/integration/index.html').then(function (win) {
        expect(win.crypto).to.have.property('subtle')
    })
})

Versions

Failing CI Versions

Firefox 84
Linux Ubuntu - 18.04
Cypress - 4.12.1

Last known working CI Versions

Firefox 83
Linux Ubuntu - 18.04
Cypress - 4.12.1

Failing Local Versions

Firefox 84
Mac OS X - 10.14.6
Cypress - 6.2.1

Last known working local version

Firefox 78
Mac OS X - 10.14.6
Cypress - 6.2.1

Note

Subtle crypto is supposed to be available at localhost, as it's considered a secure context.

From MDN's docs on secure contexts:

Locally-delivered resources such as those with http://127.0.0.1 URLs, http://localhost and http://*.localhost URLs (e.g. http://dev.whatever.localhost/), and file:// URLs are also considered to have been delivered securely.

But it also has this note, which seems to be the culprit for the breaking change in Firefox 84, but I'm not really sure why:

Note: Firefox 84 and later support http://localhost and http://*.localhost URLs as trustworthy origins (earlier versions did not, because localhost was not guaranteed to map to a local/loopback address).

I have access to subtle crypto in Firefox 84 when serving my site from a webpack dev server at localhost, just not within Cypress for some reason.

I figure it has something to do with Cypress' browser environment being incompatible with Firefox 84:

Cypress launches the browser in a way that’s different from a regular browser environment. But it launches in a way that we believe makes testing more reliable and accessible.

@j-berman
Copy link
Author

Throwing this out there too: if it's possible to run Cypress CI tests on different browser versions, that would be a nice workaround in the meantime. Haven't been able to figure that out, doesn't seem possible using the Cypress service

j-berman added a commit to smallbets/userbase that referenced this issue Jan 18, 2021
- Subtle crypto is unavailable in the latest Firefox in Cypress (cypress-io/cypress#14600)
@jennifer-shehane
Copy link
Member

@j-berman We have docker images where some different browser versions are provided, but we don't have a 'matrix' of browser versions to run against. https://github.com/cypress-io/cypress-docker-images

We proxy a lot of requests through Cypress, so yeah, I imagine there's something we're not taking into account in this situation.

Reproducible example

index.html

<html>
  <body>
    <h1>Hello world</h1>
    <script>
      console.log(window.crypto)
    </script>
  </body>
</html>

spec.js

it('Subtle crypto unavailable', () => {
  cy.visit('index.html').then((win) => {
    // Fails in Firefox 84
    expect(win.crypto).to.have.property('subtle')
  })
})

Firefox 81

Screen Shot 2021-01-20 at 3 58 26 PM

Firefox 84

Screen Shot 2021-01-20 at 4 00 34 PM

@jennifer-shehane jennifer-shehane added browser: firefox type: unexpected behavior User expected result, but got another labels Jan 20, 2021
@cypress-bot cypress-bot bot added the stage: needs investigating Someone from Cypress needs to look at this label Jan 20, 2021
@samal-rasmussen
Copy link

samal-rasmussen commented Feb 4, 2021

I can find crypto.subtle on 127.0.0.1 in Firefox v84, but not on localhost.

@cupcakearmy
Copy link

Same issue here on macOS with firefox 88 and a local server running on localhost:3000

@fintechee
Copy link

The similar issue

127.0.0.1:8080 --> ok
127.0.0.1:8081 --> ok
localhost:8080 --> ok
http://domain -----> ok
https://domain ---> ok

But

192.168.0.xxx:8080 ---> undefined

@cypress-bot cypress-bot bot added stage: backlog and removed stage: needs investigating Someone from Cypress needs to look at this labels Apr 29, 2022
@ShuPink
Copy link

ShuPink commented Jun 8, 2022

I'm also having this issue with Firefox 100, Ubuntu 20.04, Cypress 10.0.2 on localhost.

Both Electron and Chrome work normally.
I can access subtle on Firefox from localhost outside of Cypress.

I tried to polyfill using @peculiar/webcrypto but wasn't able to get it working.

@con-cso
Copy link

con-cso commented Jul 8, 2022

I'm also seeing this in our CI as of late.

  • Firefox 101
  • Cypress 9.6.0
  • Xubuntu 21.10

@sisou
Copy link

sisou commented Nov 25, 2022

I just had the same problem, crypto.subtle not being available on localhost.

I found that the about:config setting network.proxy.allow_hijacking_localhost was set to true, but default is false. Resetting it to false made it work on localhost!

@metawise
Copy link

metawise commented Jan 4, 2023

I just had the same problem, crypto.subtle not being available on localhost.

I found that the about:config setting network.proxy.allow_hijacking_localhost was set to true, but default is false. Resetting it to false made it work on localhost!

I got same error on FF only, this fixed.

@stoooops
Copy link

I am facing this issue while visiting a RainbowKit v1.5 website at 192.168.1.XXX.

Interestingly, my issue is in Brave Browser, but Firefox works okay.

I do not get this issue on localhost when I am on the machine that is running the web server.

@JanZellmer
Copy link

JanZellmer commented Jan 27, 2023

Hi @ALL
I'm facing the same problem on firefox for localhost. When I run it manually, the network.proxy.allow_hijacking_localhost is set to false. Only in Cypress, it is true.
For me it worked as I changed the baseUrl key in cypres config from localhost:4200 to 127.0.0.1:4200

@NingXinHui
Copy link

I just had the same problem, crypto.subtle not being available on localhost.

I found that the about:config setting network.proxy.allow_hijacking_localhost was set to true, but default is false. Resetting it to false made it work on localhost!

hello how to set

@sisou
Copy link

sisou commented Apr 1, 2023

hello how to set

Type about:config in the location (address) bar and press the "Enter" key to open the about:config page, just like you open a website by typing the URL in the location bar.

Then search for the setting name in the config search bar.

@rolfspuler
Copy link

Looks like that network.proxy.allow_hijacking_localhost needs to be true though for Cypress to work correctly, doesn't seem to be the solution. If I turn it to false via browser launch options I don't see any cypress related things anymore in the browser window.

@caesar1987sk
Copy link

caesar1987sk commented Jun 23, 2023

i got issue with window.crypto.subtle
error was window.crypto.subtle is undefined
error was breaking login with msal (msal-angular).
when i set "network.proxy.testing_localhost_is_secure_when_hijacked" to true, it started to work, so this part of code solved my issue:

setupNodeEvents(on) {
      on('before:browser:launch', (browser, launchOptions) => {
        if (browser.family === 'firefox') {
          // launchOptions.preferences is a map of preference names to values
          // login is not working in firefox when testing_localhost_is_secure_when_hijacked is false
          launchOptions.preferences['network.proxy.testing_localhost_is_secure_when_hijacked'] = true;
        }

        return launchOptions;
      });
    }

browser: firefox 114.0.2
application served to 127.0.0.1 (not possible to use localhost)
baseUrl: http://localhost:<port>/

@lmiller1990
Copy link
Contributor

lmiller1990 commented Jun 30, 2023

It looks like that should not be necessary @caesar1987sk - we already do this by default:

'network.proxy.allow_hijacking_localhost': true,

I suspect serving vias 127.0.0.1 is what is fixing this for you? If you do that, but remove the

launchOptions.preferences['network.proxy.testing_localhost_is_secure_when_hijacked'] = true;

Is it causing errors?

@lmiller1990
Copy link
Contributor

lmiller1990 commented Jun 30, 2023

I tried this out. The workaround would be to use 127.0.0.1 for now, until we find out why localhost isn't working. It looks like using this comment's recommendation it works. I wonder if

'network.proxy.allow_hijacking_localhost': true,
is getting overridden at some point. I'll take a look.

Not working:

it("runs", () => {
  cy.visit("http://localhost:8000");
  cy.window().then((win) => expect(win.crypto).to.have.property("subtle"));
 });

Working:

it("runs", () => {
  cy.visit("http://127.0.0.1:8000");
  cy.window().then((win) => expect(win.crypto).to.have.property("subtle"));
 });

If I add

setupNodeEvents(on) {
      on('before:browser:launch', (browser, launchOptions) => {
        if (browser.family === 'firefox') {
          // launchOptions.preferences is a map of preference names to values
          // login is not working in firefox when testing_localhost_is_secure_when_hijacked is false
          launchOptions.preferences['network.proxy.testing_localhost_is_secure_when_hijacked'] = true;
        }

        return launchOptions;
      });
    }

in cypress.config.js, it works with localhost. I'll dig into this.

@lmiller1990 lmiller1990 self-assigned this Jun 30, 2023
@cybermelons
Copy link

it("runs", () => {
  cy.visit("http://127.0.0.1:8000");
  cy.window().then((win) => expect(win.crypto).to.have.property("subtle"));
 });

If I add

setupNodeEvents(on) {
      on('before:browser:launch', (browser, launchOptions) => {
        if (browser.family === 'firefox') {
          // launchOptions.preferences is a map of preference names to values
          // login is not working in firefox when testing_localhost_is_secure_when_hijacked is false
          launchOptions.preferences['network.proxy.testing_localhost_is_secure_when_hijacked'] = true;
        }

        return launchOptions;
      });
    }

in cypress.config.js, it works with localhost. I'll dig into this.

Adding this to my cypress config works for me. Thanks 👍🏼

@lmiller1990
Copy link
Contributor

I did not end up figuring this out. Anyway, above work around works great.

@jennifer-shehane jennifer-shehane added E2E Issue related to end-to-end testing and removed stage: routed to e2e-core labels Oct 4, 2023
@cypress-app-bot
Copy link
Collaborator

This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.

@cypress-app-bot cypress-app-bot added the stale no activity on this issue for a long period label May 27, 2024
@cypress-app-bot
Copy link
Collaborator

This issue has been closed due to inactivity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
browser: firefox E2E Issue related to end-to-end testing existing workaround stale no activity on this issue for a long period type: unexpected behavior User expected result, but got another
Projects
None yet
Development

No branches or pull requests