Spike into `modifyObstructiveCode`

[mjhenkes]

What would you like?

Several auth providers frame-bust or otherwise prevent being rendered in an iframe.

This spike is to determine which identified providers work, work with modify obstructive code enabled and which work with AST Parsing enabled.

Provider	works	relaxed MOC	AST Parsing	relaxed MOC w/AST Parsing
Auth0	yes
Github	yes
Okta	yes
Twitter	yes
Apple	yes
Amazon Cognito	yes
Google Auth	no	no	no	no
Facebook	no	no	no	no
Azure Active Directory	no	no	no	no
Paypal	no	no	no	no
Stripe	no

Also stripe payments is frame busting, see this discussion.

Also paypal per discussion

Why is this needed?

Common auth provides are expected to work with cy.origin.

Other

[jennifer-shehane]

@mjhenkes What is the 'works' column capturing? Because modifyObstructiveCode is true by default, so wouldn't that column be the same as the 'works' column in that it's capturing out of the box Cypress behavior?

[mjhenkes]

It is capturing that it works today out of the box with no changes needed. The works with MOC column probably needs to be updated that we want to relax MOC restrictions to modify more sources than it currently does.

[GabZ87]

Tagged into the Paypal discussion but in case it is missed this issue also pertains to Klarna

[mschile]

Closing. Updated the table in the description with the findings. The providers will be addressed individually in their own issues.

[leonid-sviderskii-mtl]

Hi @mschile! Can you please clarify this:

providers will be addressed individually in their own issues

I got it as Cypress would poke them to create the fixes on their own so whenever this happens, the issues will be fixed automatically. Is my understanding correct? If yes, not sure how to know when it's actually fixed though.

Thanks!