fix: Make cross-origin document.cookie work

[chrisbreiding]

• Closes Handle cross-origin document.cookie #22479
• Closes 10.3 broke support for oauth flow with Spotify #22674

User facing changelog

• Fixed how document.cookie works when testing multiple origins

How has the user experience changed?

Previously, some authentication providers that rely on document.cookie would not function correctly because it behaves differently when used in an iframe (the AUT) that has a different origin than top. This PR fixes issues with document.cookie, making it behave as if the user's app is being run in top.

PR Tasks

• Have tests been added/updated?
• Has the original issue (or this PR, if no issue exists) been tagged with a release in ZenHub? (user-facing changes only)
• N/A Has a PR for user-facing changes been opened in cypress-documentation?
• N/A Have API changes been updated in the type definitions?

[cypress-bot]

Thanks for taking the time to open a PR!

• Create a Draft Pull Request if your PR is not ready for review. Mark the PR as Ready for Review when you're ready for a Cypress team member to review the PR.
• Become familiar with the Code Review Checklist for guidelines on coding standards and what needs to be done before a PR can be merged.

[cypress]

---

Test summary

37717 • 0 • 456 • 0 • 9

---

Run details

Project	cypress
Status	Passed
Commit	68eb57d
Started	Jun 30, 2022 5:17 PM
Ended	Jun 30, 2022 5:35 PM
Duration	18:15 💡
OS	Linux Debian - 10.11
Browser	Multiple

View run in Cypress Dashboard ➡️

---

Flakiness

	commands/xhr.cy.js		4
1	... > logs request + response headers
2	... > logs request + response headers
3	... > logs Method, Status, URL, and XHR
4	... > logs response
	cypress/proxy-logging.cy.ts		1
1	Proxy Logging > request logging > xhr log has response body/status code when xhr response is logged first
This comment includes only the first 5 flaky tests. See all 9 flaky tests in the Cypress Dashboard.

---

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Dashboard

[chrisbreiding]

I removed the element with data-cy="welcome" since it wasn't referenced elsewhere, so I had to update this test.

[AtofStryker]

Verified this works with #22568 to support microsoftonline and login.live.com which I think closes #21307 🎉

[mjhenkes]

would it be valuable to patch this in a non-cy.origin use case? It seems like it might be if it makes document.cookie behave more like as if the AUT is top.

[chrisbreiding]

It's only an issue if the top origin doesn't match the AUT origin, so it's not necessary in other cases.

[mjhenkes]

Should we consider contributing this fix to toughCookie? Is this something other people would want too?

[chrisbreiding]

Looks like they already have a PR to fix it: salesforce/tough-cookie#240