Cross-origin blocking is much too strict (empty responses at localhost:xxxx)

[actuallymentor]

Hello all,

I'm currently locked into cypress v11.2.0 because once I upgrade to 13.x Cypress stops being able to call localhost:8081
and fails with net::ERR_EMPTY_RESPONSE (firebase emulator) and breaks with a chrome-error://chromewebdata/ when trying to open a localhost:5051 (firebase functions emulator).

I've has chromeWebSecurity disabled for a long time now, but for some reason, upgrading cypress always gives me more headaches.

I do not have the time to make a reproducible issue but want to post this in case there are others with this issue.

[AndriiNeverov]

I face a similar issue too. A call to emulated Firebase Auth fails within the Cypress, but works perfectly fine against the very same Cypress started app from regular Chrome.

chromeWebSecurity: false and restarting doesn't make a difference.

I noticed some things different in the Cypress case:

1. "Origin: http://localhost:4200" header is missing
2. "Proxy-Connection: keep-alive" instead of "Connection: keep-alive"

[sj-net]

I have spent 2 days to find the issue. I am using Cypress, Firebase Emulator, react and Vite. I was using localhost for emulator connections. And that was the mistake. All emulator requests with localhost are giving net::ERR_EMPTY_RESPONSE. And the solution is to use 127.0.0.1 and everything worked as it should. Looks like Cypress is handling the localhost URL's differently. I think they only handle the ports they know, and ignore the other ports.

[AndriiNeverov]

This is brilliant!

127.0.0.1 works like a charm.

[pablopastorino]

I have spent 2 days to find your solution.

[ericbf]

Worked for me too. Definitely sounds like a defect.