fix: spoof origin and referer (#6468)

* fix: spoof origin and referer * comments, chaining, and an accurate replication of amplitude response bodies

fix: spoof origin and referer (#6468)
* fix: spoof origin and referer * comments, chaining, and an accurate replication of amplitude response bodies
7a1a476e · Jordan Frankfurt · GitHub · b3bfc100 · 7a1a476e
Commit 7a1a476e authored Apr 28, 2023 by Jordan Frankfurt Committed by GitHub Apr 28, 2023
Show whitespace changes
Inline Side-by-side

Showing with 24 additions and 21 deletions

e2e.ts cypress/support/e2e.ts +24 -21

No files found.
--- a/cypress/support/e2e.ts
+++ b/cypress/support/e2e.ts
@@ -89,27 +89,30 @@ Cypress.Commands.overwrite(
 )
 beforeEach(() => {
-  // Infura security policies are based on Origin headers.
+  // Many API calls enforce that requests come from our app, so we must mock Origin and Referer.
-  // These are stripped by cypress because chromeWebSecurity === false; this adds them back in.
+  cy.intercept('*', (req) => {
-  cy.intercept(/infura.io/, (res) => {
+    req.headers['referer'] = 'https://app.uniswap.org'
-    res.headers['origin'] = 'http://localhost:3000'
+    req.headers['origin'] = 'https://app.uniswap.org'
-    res.alias = res.body.method
-    res.continue()
  })
+    // Infura uses a test endpoint, which allow-lists http://localhost:3000 instead.
-  // Graphql security policies are based on Origin headers.
+    .intercept(/infura.io/, (req) => {
-  // These are stripped by cypress because chromeWebSecurity === false; this adds them back in.
+      req.headers['referer'] = 'http://localhost:3000'
-  cy.intercept('https://api.uniswap.org/v1/graphql', (res) => {
+      req.headers['origin'] = 'http://localhost:3000'
-    res.headers['origin'] = 'https://app.uniswap.org'
+      req.alias = req.body.method
-    res.continue()
+      req.continue()
    })
-  cy.intercept('https://beta.api.uniswap.org/v1/graphql', (res) => {
+    // Mock Amplitude responses to avoid analytics from tests.
-    res.headers['origin'] = 'https://app.uniswap.org'
+    .intercept('https://api.uniswap.org/v1/amplitude-proxy', (req) => {
-    res.continue()
+      const requestBody = JSON.stringify(req.body)
+      const byteSize = new Blob([requestBody]).size
+      req.reply(
+        JSON.stringify({
+          code: 200,
+          server_upload_time: Date.now(),
+          payload_size_bytes: byteSize,
+          events_ingested: req.body.events.length,
        })
+      )
-  cy.intercept('https://api.uniswap.org/v1/amplitude-proxy', (res) => {
-    res.reply(JSON.stringify({}))
    })
 })