Cypress sets "credentials": "omit" as opposed to "include" when Chrome fires api calls

Question

This API call gets fired after clicking a login button. When doing it manually, the call looks like this:

fetch("https://someurl.io/account/login?ReturnUrl=somereturnurl", {
  "headers": {
    "accept": "application/json, text/plain, */*",
    "accept-language": "en-US,en;q=0.9,es;q=0.8",
    "content-type": "application/json;charset=UTF-8",
    "requestverificationtoken": "some token",
    "sec-ch-ua": "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"98\", \"Google Chrome\";v=\"98\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"macOS\"",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-origin"
  },
  "referrer": "https://someurl.io/signin?ReturnUrl=somereturnurl",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "{\"username\":\"someuser\",\"password\":\"somepassword\",\"subscriberId\":\"someid\",\"isStaff\":somebool}",
  "method": "POST",
  "mode": "cors",
  "credentials": "include"
});

This creates a .AspNetCore.Antiforgery cookie and then you login

When the test is ran via Cypress, the request is changed from "credentials": "include" to "credentials": "omit". No cookie is saved and the redirect fails due to

{type: "invalid-antiforgery-token", title: "Antiforgery token validation failed", detail: "",…}
code: 400
detail: ""
title: "Antiforgery token validation failed"
type: "invalid-antiforgery-token"

Has anyone ran into a similar issue and know how to make Cypress fire the same Request.credentials property?

Thank you so much in advance

Answer 1

That's it. I'm switching to Playwright.