Cypress: HTTP 431 errors on XHR requests with large Authorization header value in Cypress versions after 3.4.1

Created on 14 Feb 2020  路  6Comments  路  Source: cypress-io/cypress

Current behavior:

I've created automated tests that login to my application without any errors when run using Cypress version 3.4.1. Doing so in any version after 3.4.1 results in XHR requests (GET requests) that cause HTTP 431 errors. After inspecting the header information of XHR requests that are sent prior to the ones that error out and then inspecting the header information of those that do error out, it appears that those that error out with 431 have a very large Authorization header value. This only happens in versions of Cypress after 3.4.1 and happens to both the standalone copies of Cypress with bundled versions of Node.js as well as version of Cypress installed via npm.

I've tried many different workarounds:

  • Passing in NODE_OPTIONS --max-http-header-size=80000 via CLI
  • Setting the value of "start" in package.json for bundled versions of Cypress (I put the arguments in different orders and none of the orders did anything for me)
    "start": "node --http-parser=legacy --max-http-header-size=80000 ../../cli/bin/cypress open --dev --global ",
  • I did suspect node.js might be the culprit and I found several sites that talked about error 431 and node.js, some of which said that it might be the header parsing that could be at fault, so they recommended the use of the --http-parser=legacy flag and that didn't work either
  • Continuing to suspect node.js, I downloaded Cypress 4.0.1 and set the version of node.js to be "system" and installed node.js version 8.9.3 (the same version bundled with Cypress 3.4.1) and doing so did not work.

I suspect, since setting the version of Node.js to be the same version bundled with Cypress 3.4.1 (which does work), still does not enable the test to succeed and avoid the 431 error, that the problem is with Cypress.

Desired behavior:

XHR GET and POST requests sent during tests do not result in HTTP 431 errors.

Test code to reproduce

Run an XHR request to an endpoint with a very large Authorization header value with the --max-http-header-size=80000 enabled. Also try with any one other header with a large value.

Versions

Cypress 3.4.1 is working
Cypress 3.8+ is NOT working
Tried with Electron and Chrome
Tried with Node.js versions 8.9.3, 9.0.0, and the default version of Node.js bundled with standalone Cypress version 4.0.1

picture sssandp

All 6 comments

@sssandp We want to fix this as soon as possible; however, we are waiting for Electron to release version 9.x with this fix in it: https://github.com/electron/electron/issues/20831

Currently, there is nothing we can do from our side to fix this issue besides wait for Electron 9 to become stable so we can ship with it. If you search this repo for --max-http-header-size and 431 you will see plenty of discussion about the various issues not having this option causes.

flotwig picture flotwig on 14 Feb 2020
👍1

@flotwig is there anyway to update my local installation of Cypress with the beta 9.x release of Electron? Do you think that would work or would something more have to be done in Cypress to take advantage of the updates?

Also, can you explain why issues with Electron would impact functionality in Chrome?

sssandp picture sssandp on 14 Feb 2020

@sssandp Cypress currently ships Electron 7, there are breaking changes in 8 & 9 so it may not be easy. But you can try cloning and building Cypress yourself after bumping electron in packages/electron/package.json.

Cypress runs an HTTP proxy in Node.js, which is bundled with Electron. When Cypress launches Chrome, all requests are proxied through that proxy in Node.js. Node.js has a maximum header size for any HTTP server (default 8kb) which you can set with --max-http-header-size. However, Electron (before 9.x) prevents us from setting that option in packaged Electron apps. So you are stuck with a limit of 8kb for the header size of anything that goes through Cypress.

flotwig picture flotwig on 14 Feb 2020
👍1

@flotwig thank you for the detailed answer and explanation. I know giving timelines is always difficult, but in your opinion, do you think Electron would be updated in Cypress within the next 2 years? I ask, because 3.4.1 is working for us now, but it may not after a while and I'm just concerned some change in Chrome may render it incompatible with Cypress 3.4.1 at some point.

sssandp picture sssandp on 14 Feb 2020

@sssandp absolutely, we try to always release with the latest stable version of Electron

flotwig picture flotwig on 14 Feb 2020
🎉1

@flotwig Awesome. Thank you for your help and for taking the extra time to address all of my questions. I really appreciate it. Cypress is the future of web-based test automation and I love it so far. Have a great day :)

sssandp picture sssandp on 14 Feb 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

brian-mann picture brian-mann  路  3Comments
tahayk picture tahayk  路  3Comments
weskor picture weskor  路  3Comments
igorpavlov picture igorpavlov  路  3Comments
szabyg picture szabyg  路  3Comments