chore(fxa): Remove requirement for CI when setting bypass token

nshirley · nshirley · commit 80ebc3313855 · 2026-02-27T09:57:10.000-07:00
Because:
 - There's no reason to not send the CI_WAF_TOKEN if it's present

This commit:
 - Removes the redundant check for CI, making testing easier from CI and
   local environments
diff --git a/packages/functional-tests/README.md b/packages/functional-tests/README.md
@@ -36,7 +36,7 @@ yarn test --project=stage --grep="errors on xss redirect_to parameter"
 
 ### Running against Stage or Production
 
-In order to run local tests against stage or production, you'll need to set a few environment variables first. Some tests make use of the auth-client for direct calls to auth-server, so we use a bypass header for the WAF to allow the traffic. You'll need to set both `CI=1` and `CI_WAF_TOKEN="my_token"` environment variables. You can get a copy of the bypass token from 1Password.
+In order to run local tests against stage or production, you'll need to set a `CI_WAF_TOKEN` environment variable. We use a bypass header for the WAF to allow the traffic through and not be stopped by CAPTCHA or similar. Check 1Password for the token and make sure it's available in your environment `export CI_WAF_TOKEN=<mytoken>`.
 
 ### Specifying a target in tests
 
diff --git a/packages/functional-tests/lib/targets/base.ts b/packages/functional-tests/lib/targets/base.ts
@@ -38,15 +38,14 @@ export abstract class BaseTarget {
   }
 
   /**
-   * Will return a `Headers` object with the WAF bypass header if we're in
-   * CI and the token is set, otherwise undefined.
+   * Will return a `Headers` object with the WAF bypass header if the
+   * `CI_WAF_TOKEN` environment variable is set, otherwise it returns `undefined`.
    *
    * This can be passed to the auth-client calls that support optional headers.
    */
   get ciHeader(): Headers | undefined {
-    const ci = !!process.env.CI;
     const ciWafToken = process.env.CI_WAF_TOKEN;
-    return ci && ciWafToken ? new Headers({ 'fxa-ci': ciWafToken }) : undefined;
+    return ciWafToken ? new Headers({ 'fxa-ci': ciWafToken }) : undefined;
   }
 
   constructor(
diff --git a/packages/functional-tests/playwright.config.ts b/packages/functional-tests/playwright.config.ts
@@ -13,11 +13,12 @@ const CI = !!process.env.CI;
 const CI_WAF_TOKEN = process.env.CI_WAF_TOKEN;
 
 /**
- * Returns a header used for WAF bypass in CI environments.
- * Requires CI_WAF_TOKEN set in CircleCI and corresponding WAF condition set for target rule
+ * Returns a header used for WAF bypass.
+ *
+ * Requires `CI_WAF_TOKEN` set in CircleCI, or local environment, and corresponding WAF condition set for target rule
  */
 function getCIHeader(): Record<string, string> {
-  return CI && CI_WAF_TOKEN ? { 'fxa-ci': CI_WAF_TOKEN } : {};
+  return CI_WAF_TOKEN ? { 'fxa-ci': CI_WAF_TOKEN } : {};
 }
 
 // If using the CircleCI parallelism feature, assure that the JUNIT XML report

Original file line number	Diff line number	Diff line change
`@@ -38,15 +38,14 @@ export abstract class BaseTarget {`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`/**`
`41`		- * Will return a `Headers` object with the WAF bypass header if we're in
`42`		`- * CI and the token is set, otherwise undefined.`
	`41`	+ * Will return a `Headers` object with the WAF bypass header if the
	`42`	+ * `CI_WAF_TOKEN` environment variable is set, otherwise it returns `undefined`.
`43`	`43`	`*`
`44`	`44`	`* This can be passed to the auth-client calls that support optional headers.`
`45`	`45`	`*/`
`46`	`46`	`get ciHeader(): Headers \| undefined {`
`47`		`- const ci = !!process.env.CI;`
`48`	`47`	`const ciWafToken = process.env.CI_WAF_TOKEN;`
`49`		`- return ci && ciWafToken ? new Headers({ 'fxa-ci': ciWafToken }) : undefined;`
	`48`	`+ return ciWafToken ? new Headers({ 'fxa-ci': ciWafToken }) : undefined;`
`50`	`49`	`}`
`51`	`50`
`52`	`51`	`constructor(`