https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705
--- Comment #6 from Pedro Amorim (ammopt) <[email protected]> --- Created attachment 199814 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199814&action=edit Bug 42705: Fix SCO spec WebBasedSelfCheck setup cy.login() in beforeEach broke the test in two ways: the intranet staff session cookie bled into the OPAC request (HTTP cookies have no port scope in browsers), and navigating from intranet→OPAC mid-test hit a cross-origin block in Cypress. The afterEach suffered the same race condition - the syspref POST fired before the login redirect completed. Replace with cy.request(), which makes HTTP calls at the runner level without touching the browser's current origin. cy.visitOpac() is then the first browser navigation, so no cross-origin issue arises. A three-step flow satisfies Koha's CSRF middleware: 1) GET the login page to obtain a session and its token 2) POST credentials to authenticate 3) POST to the svc endpoint. This fixes the #barcode and #patronlogin not found issues The CSRF token also requires encodeURIComponent() — base64 uses +, which a URL-encoded form body decodes as a space, silently corrupting the token and causing the login to fail. This resolves the 403 Forbidden issue Everything must pass: $ cypress run --spec t/cypress/integration/OPAC/SCO_spec.ts as well as npm run cypress open (cypress ui) ktd selenium: $ perl /kohadevbox/misc4dev/run_tests.pl --run-only t/cypress/integration/OPAC/SCO_spec.ts -- You are receiving this mail because: You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
