reverse proxy and custom certificate

polite-glass-8571

05/25/2023, 10:31 AM
Hello, I have been stumbling around trying to get this to work for the last couple days and still with no luck. I'll describe my setup and my needs: I have a custom URL www.mysite.com. I have an SSL certificate for this website that I have installed on my Mac. I have a local reverse proxy that uses a trusted certificate; I can visit www.mysite.com on a regular browser and it will show that the connection is trusted and secure (green lock). Due to Cypress using its own proxy, it provides its own certificate when connecting to www.mysite.com, which is not installed on my Mac, therefore the connection is marked as non-secure (red lock). I have a script that runs on the app that I cannot modify and relies on being on that particular domain (www.mysite.com) and having a secure connection (green lock). Now, I am trying to separate requests that need to be proxied by Cypress and the ones that don't through a PAC file, supplied as an option on before:browser:launch, but I only managed to have Cypress show a message "This browser was not launched through Cypress. Tests cannot run.". Do you have any suggestions on how to solve this? I'm banging my head trying to make it work

gray-kilobyte-89541

05/25/2023, 10:56 AM
How does your script that runs on the page check the connection?

polite-glass-8571

05/25/2023, 10:57 AM
@gray-kilobyte-89541 I've been trying to find out on and off for a few days, problem is, it's minified and obfuscated. I only know that it only works if the certificate is trusted (it's a custom gigya setup).
what I ultimately need to do is to intercept a call that it performs when the certificate is trusted, but just doesn't occur when running within cypress

gray-kilobyte-89541

05/25/2023, 11:28 AM
Ok I’m curious, but without a reproducible example impossible to say

polite-glass-8571

05/25/2023, 2:06 PM
@gray-kilobyte-89541 here, I configured this to reproduce. Instructions in the README

https://cdn.discordapp.com/attachments/1111240184814637149/1111306021797892207/Schermata_2023-05-25_alle_16.51.54.png


gray-kilobyte-89541

05/25/2023, 2:57 PM
what is this?

polite-glass-8571

05/25/2023, 3:00 PM
the screenshot? it's the certificate shown for the custom url. As you can see, it has "CypressProxyCA" as the issuer, showing that it's not the certificate I expect
you can see that in the security tab in chrome devtools
in the cypress config I left commented code that adds the PAC file to chrome, which causes cypress to show the "This browser was not launched through Cypress. Tests cannot run" message
you can test that by uncommenting the setupNodeEvents function

gray-kilobyte-89541

05/25/2023, 4:26 PM
I am sorry, I am not inserting any certificates into my laptop. I would suggest opening an issue in the Cypress repo

polite-glass-8571

05/25/2023, 4:28 PM
I understand your concern, though it's just a random self-signed certificate, I can tell you how to generate your own if it makes you feel safer
it would work just as well for the purpose of the test
this would be the script, it uses the https://smallstep.com/ executable to generate a fresh certificate for that domain
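#!/bin/bash
# Creates a throwaway local CA and a leaf certificate for $DOMAIN using the
# smallstep `step` CLI, then installs the CA root into the local trust stores.

brew update
brew install pcre openssl nginx step
DOMAIN=www-local.example.com
SECRET="secret"
PWD=$(pwd)
mkdir -p "$PWD/ssl"
rm -rf "$PWD/ssl/$DOMAIN"
# step keeps the CA configuration, certificates and keys under STEPPATH
export STEPPATH="$PWD/ssl/$DOMAIN"
# The CA password is stored on disk in plain text
echo "$SECRET" >> "$PWD/ssl/password.txt"
# Initialise a standalone CA whose keys are encrypted with that password
step ca init --name="$DOMAIN" \
  --provisioner="selfsigned" \
  --address="127.0.0.1:3000" \
  --deployment-type="standalone" \
  --dns="$DOMAIN,localhost" \
  --password-file="$PWD/ssl/password.txt"
mkdir -p "$PWD/ssl/$DOMAIN/keys"
# Unencrypted RSA keypair (--no-password requires --insecure). It is not
# referenced by the later steps and is deleted with the working directory.
step crypto keypair \
  "$PWD/ssl/$DOMAIN/keys/public_key.pem" \
  "$PWD/ssl/$DOMAIN/keys/private_key.pem" \
  --kty 'RSA' \
  --size 2048 \
  --no-password \
  --insecure

mkdir -p "$PWD/ssl/$DOMAIN/certificate"
# Issue the leaf certificate and key for $DOMAIN, signed offline by the local CA
step ca certificate \
  "$DOMAIN" \
  "$PWD/ssl/$DOMAIN/certificate/$DOMAIN.crt" \
  "$PWD/ssl/$DOMAIN/certificate/$DOMAIN.key" \
  --offline \
  --san "$DOMAIN" \
  --password-file="$PWD/ssl/password.txt"

# Keep the root certificate, leaf certificate, leaf key and password;
# remove the rest of the CA working directory (including the CA keys)
cp "$PWD/ssl/$DOMAIN/certs/root_ca.crt" "$PWD/ssl/$DOMAIN.root.crt"
mv "$PWD/ssl/$DOMAIN/certificate/$DOMAIN.crt" "$PWD/ssl/$DOMAIN.crt"
mv "$PWD/ssl/$DOMAIN/certificate/$DOMAIN.key" "$PWD/ssl/$DOMAIN.key"
mv "$PWD/ssl/password.txt" "$PWD/ssl/$DOMAIN.password"
rm -rf "$PWD/ssl/$DOMAIN"
echo "Do you want to install this certificate?"
# --all installs the root into the system trust store and also the Firefox and Java stores
step certificate install --all "$PWD/ssl/$DOMAIN.root.crt"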