{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Root(大扎) 的问题《cypress - 403 forbidden error when visiting main s》','https://www.manongdao.com/q-910598.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to cy.visit() my single page application that requires my certificate loaded in the browser to run correctly. When running a test, it fails with a 403 forbidden error. There is a terrible work-around where I open a new tab in the cypress/chrome browser window and go directly to my web app, which prompts for me to select my certificate a few times and then loads the page. If I then reload the test, it somehow keeps my certificate selections and goes straight to the page and runs the tests. If it has to do a second cy.visit() as in a before or beforeEach loop, it then returns the 403 forbidden error. It seems as though the certificate prompts are breaking the tests when it launches the cypress/chrome browser, since it normally prompts for a certificate selection. Since its automatically doing this, the prompt never happens, and the certificate is not sent/loaded, etc. and the 403 occurs.
Has anyone encountered this and come up with a better solution than my work-around??
Solution:
Add a http proxy server and append the PKI on outgoing requests so say you set the proxy to listen to localhost:4440 so now you are doing cy.visit(http://localhost:4440). The proxy forwards the visit() request to the host:'my-domain-name' and appends the PKI.
For some reason whatever Cypress is doing under the hood prevents the Cypress browser from loading/forwarding on the PKI cert. You will probably also need to install the cert on your execution server db using cert utils https://www.systutorials.com/docs/linux/man/1-certutil/. The CY electron browser will automatically load a cert that is installed on the db so it is important you only ever have certs on there that have permissions to access the application under test. This can all be done in Ansible when wanting to run in a CI pipeline. Was a painful set up and involved some team effort and a great dev who enjoys getting involved in test. Cypress has turned out to be worth all the effort so would deff hope you reconsider using if you haven't already solved it by now.