Cross-Origin Testing in Cypress
On This Page What is Cross-Origin Testing (cy.origin) in CypressMay 15, 2026 · 9 min read · Tool Comparison
Cypress is an advanced test automation tool, but it limits cross-origin testing. Cross-origin examination is when users test whether an app act correctly when resources (like scripts or APIs) are requested from a different area, port, or protocol. However, Cypress provides a workaround via thecy.origin function, allowing the user to perform the action in a different domain and then continue with the previous domain as required. This usher explores Cypress & # 8217; s cross-origin examination, use cases, and implementation. Cross-origin testing in Cypress typically concern to testing the functionalities in different domains. By default, Cypress implement the same-origin insurance, meaning it can solely interact with resources from the same domain to prevent cross-site scripting (XSS) and other exposure. The cy.origin () partallows the user to short-circuit this behavior and validate the scenarios that fall under different origins. Cy.origin ()has two type of syntax URL: It is the URL that differs from the origin URL or URL on which you think to perform operations. Options: It & # 8217; s an object that allows you to configure specific behaviors for the command, such as timeout and log Callback Function: A function containing Cypress commands that can be executed in the context of the specified beginning. Example Read more: Below are some of the real-life examples of why cross-origin examination is important Read More: Here are the instances when you will feature to usecy.originwhile testing your application Consider your application navigates to a different orbit upon clicking the sign-in page. In such scenarios you can use the cy.origin In the above example, thecy.visit ()is used to navigate to the login page that is of a primary origin; upon clicking the Log in button, it navigates to the GitHub sign-in page, where github.com turn the cross-origin. cy.origin (& # 8220; https: //github.com & # 8220;) is expend to ease the restriction. Read More: The above may be specific to the user. In real-time, you may necessitate to create a custom function that dynamically accepts the username and password. In the above code, the help function with the namessologin ()is created, which accepts the username and password. These parameters are salve insentArgsvariable and passed intocy.origin (). This facilitate to dynamically pass the username and password based on the use cases There may be use cases where you need to explicitly sail to the secondary origin usecy.visit (). In such cases, you must include thecy.visit ()within thecy.origin (), as shown below. In the above code, you can explicitly navigate to the petty domain using thecy.visit (). First, you pilot towww.browserstack.com, which get the primary domain. To ease the cross-origin restriction for the junior-grade sphere, the cy.origin (& # 8220; https: //percy.io/ & # 8221;) is employ, after which you navigate to the website. Pro tip: Tools like SUSA can handle this autonomously — upload your app and get results without writing a single test script. Output Cypress allows the creation of a custom command to perform any operation. Rather than rewriting the like code each time you log in, you can simply add the usage bid in thecypress/support/commands.js. In the above code, the custom bid is being added in thecommand.js file. The custom bidding is named & # 8216; githubLogin & # 8217;, which accepts username and password as parameters to allow the dynamic login with different credentials. The below codification shows how you can use the custom command in your test scripts: Output If you are navigating to multiple petty origins, you need to use thecy.origin ()multiple times In the above example, multiple domains are navigated. It illustrates the exercise of multiplecy.origin ()as you navigate to multiple origin. Read More: Running the cy.origin tests in Cypress is the like as running any other test. Consider an example where you hold created one test in the Below is the example code. The above test is located inside thecypress-demo/e2e/crossoriginbooklet, wherecypress-demois the project root folder. Once you have the test created, you receive two choice to accomplish the test. Cypress UI can be invoked utilize the command Once you hit the above bid, you will be prompted with a welcome window. Then you can: Cypress CLI allows you to quickly execute the tests using the command line. Use the below command to execute Cypress tryout Syntax Example Read More: Though a developer-friendly framework, Cypress has its limitations. While one is the limitation pertain cross-origin testing, the early is the restriction of running parallel test in local. This is a challenge for companies as they need scalable environs to meet the fluctuating demand. Tools like BrowserStack can help in such scenario by countenance you easily action tests on a cloud without code changes. Moreover, it provides access to 3500+ existent device-browser combinations to test across various real device, browser, and OS combinations. Integrating Browserstack Automate is simple. Please postdate our to quickly set up Cypress. Cypress bound cross-origin testing by nonremittal for security intellect. However, there are many use cases where cross-origin testing is crucial. Cypress indorse a workaround for cross-origin testing using thecy.origin ()command where the exploiter can navigate to different arena implicitly or explicitly to execute validation. Like cross-origin, Cypress besides restrict parallel performance and multi-browser parallel executing locally. BrowserStack integration helps to achieve this without any hassle. BrowserStack has a vast of 3500+ devices and browsers, which accelerates and improves the accuracy of your tryout by. 1. What is Cy root? Cy.root is a bid in Cypress that allows fetching the HTML document theme. Given below is the command forcy.root 2. Why do use cy in Cypress? Cy objectis a foundational global object in Cypress. It is used to perform any activeness including the browser interactions, and validation in Cypress. It can be used for bring the elements, inexplicit assertions, do browser simulation, etc. # Ask-and-Contributeabout this topic with our Discord community. Upload your APK or URL. SUSA explores like 10 real users — finds bugs, accessibility violations, and security issues. No scripts needed. Upload your APK or URL. SUSA explores like 10 real users — finds bugs, accessibility violations, and security issues. No scripts.Cross-Origin Testing in Cypress
What is Cross-Origin Testing (cy.origin) in Cypress
Cy.origin () Syntax
cy.origin (url, callbackFn) cy.origin (url, options, callbackFn)
it ('Example cross origin ', () = & gt; {cy.visit (`` https: //www.browserstack.com ``); //do some operation cy.origin (`` https: //percy.io/login '', () = & gt; {//do something else})});Use Cases of Cross-Origin Testing
In such scenarios, the web page navigates to the respective company domains to validate the credentials. Cy.origin () can help in validating such authentication.
These footer links can airt to different field or subdomains. Cypress cross-origin examination can be used to corroborate such scenarios.
As soon as you hit the login push, the page might redirect to the central login domain to enter the credentials, leading to a cross-origin scenario.When to Use cy.origin in Testing [With Examples]
1. SSO/oAuth Authentication for your Application
describe ('Cross origin demo ', () = & gt; {it ('Login with github ', () = & gt; {cy.visit (`` https: //cloud.cypress.io/login ''); cy.get (`` button span '') .contains (`` Log in '') .first () .click () cy.origin (`` https: //github.com '', () = & gt; {cy.get (`` # login_field '') .type (`` test '') cy.get (`` # countersign '') .type (`` test123 '')})});});2. Dynamic information in a Secondary Origin
describe ('Dynamic Data Cross Origin ', () = & gt; {const ssologin = (userName, password) = & gt; {const sentArgs = {username: userName, password: password} cy.origin (`` https: //github.com/ '', {args: sentArgs}, ({username, password}) = & gt; {cy.get (`` # login_field '') .type (username) cy.get (`` # password '') .type (password) cy.get (`` input [name='commit '] '') .click ()})} it ('Dynamic data cross origin test ', () = & gt; {cy.visit (`` https: //cloud.cypress.io/login ''); cy.get (`` push span '') .contains (`` Log in '') .first () .click () ssologin (`` bstack @ browsertack.com '', '' $ 3osod '');});});3. Navigating to the Secondary Origin
describe ('Example cross origin ', () = & gt; {it ('Example crisscross origin ', () = & gt; {cy.visit (`` https: //www.browserstack.com ''); cy.get ('h1 ') .should ('have.text ', 'App & amp; Browser Testing Made Easy '); cy.origin (`` https: //percy.io/ '', () = & gt; {cy.visit (`` https: //percy.io ''); cy.get ('h1 ') .first () .should ('have.text ', 'Your all-in-one visual review platform ');})});});4. Login to SSO using the Custom Command
Cypress.Commands.add ('githubLogin ', (userName, password) = & gt; {const sentArgs = {username: userName, password: password} cy.visit (`` https: //cloud.cypress.io/login ''); cy.get (`` button yoke '') .contains (`` Log in '') .first () .click () cy.origin (`` https: //github.com/ '', {args: sentArgs}, ({username, countersign}) = & gt; {cy.get (`` # login_field '') .type (username) cy.get (`` # password '') .type (password) cy.get (`` input [name='commit '] '') .click ()})})describe ('Example cross descent ', () = & gt; {it ('Example mark origin ', () = & gt; {cy.githubLogin ('test ', 'testsook ')});});5. Navigating to Multiple Secondary Origins in Succession
describe ('Example cross origin ', () = & gt; {it ('Example cross origin ', () = & gt; {cy.visit (`` https: //www.browserstack.com ''); cy.get ('h1 ') .should ('have.text ', 'App & amp; Browser Testing Made Easy '); cy.origin ('https: //nightwatchjs.org/ ', () = & gt; {cy.visit ('https: //nightwatchjs.org/about/community/ ') cy.url () .should ('contain ', 'about/community ')}) cy.origin ('https: //percy.io ', () = & gt; {cy.visit ('https: //percy.io/features ') cy.url () .should ('contain ', 'features ')})});});How to Run cy.origin in Cypress
cypress-demo/e2e/crossorigin/crossorign.test.cy.js.
describe ('Example cross origin ', () = & gt; {it ('Example cross descent ', () = & gt; {cy.visit (`` https: //www.browserstack.com ''); cy.get ('h1 ') .should ('have.text ', 'App & amp; Browser Testing Made Easy '); cy.origin ('https: //nightwatchjs.org/ ', () = & gt; {cy.visit ('https: //nightwatchjs.org/about/community/ ') cy.url () .should ('contain ', 'about/community ')}) cy.origin ('https: //percy.io ', () = & gt; {cy.visit ('https: //percy.io/features ') cy.url () .should ('contain ', 'features ')})});});Using UI
npx cypress open
Using CLI
npx cypress run -- spec `` path_to_spec_file ''
npx cypress run -- spec `` cypress/e2e/crossorigin/crossorigin.test.cy.js ''
How to Run Cross-origin tests in Cypress using BrowserStack Automate
Conclusion
Frequently Asked Questions
cy.root () .should ('have.prop ', 'nodeName ', 'HTML ');Related Guides
Automate This With SUSA
Test Your App Autonomously