fix: Browser will freeze when sync request is intercepted

cli/CHANGELOG.md

@@ -7,6 +7,7 @@ _Released 11/18/2025 (PENDING)_
 
 - Fixed an issue where [`cy.wrap()`](https://docs.cypress.io/api/commands/wrap) would cause infinite recursion and freeze the Cypress App when called with objects containing circular references. Fixes [#24715](https://github.com/cypress-io/cypress/issues/24715). Addressed in [#32917](https://github.com/cypress-io/cypress/pull/32917).
 - Fixed an issue where top changes on test retries could cause attempt numbers to show up more than one time in the reporter and cause attempts to be lost in Test Replay. Addressed in [#32888](https://github.com/cypress-io/cypress/pull/32888).
+- Fixed an issue where the browser will freeze when Cypress intercepts a synchronous request and a routeHandler is used. Fixes [#32874](https://github.com/cypress-io/cypress/issues/32874). Addressed in [#32925](https://github.com/cypress-io/cypress/pull/32925).
 
 **Misc:**
 

packages/net-stubbing/lib/server/intercepted-request.ts

@@ -173,7 +173,7 @@ export class InterceptedRequest {
 
         const _emit = () => emit(this.socket, eventName, eventFrame)
 
-        if (!subscription.await) {
+        if (!subscription.await || this.req.isSyncRequest) {
           _emit()
 
           return

packages/proxy/lib/http/request-middleware.ts

@@ -34,11 +34,16 @@ const ExtractCypressMetadataHeaders: RequestMiddleware = function () {
 
   this.req.isAUTFrame = !!this.req.headers['x-cypress-is-aut-frame']
   this.req.isFromExtraTarget = !!this.req.headers['x-cypress-is-from-extra-target']
+  this.req.isSyncRequest = !!this.req.headers['x-cypress-is-sync-request']
 
   if (this.req.headers['x-cypress-is-aut-frame']) {
     delete this.req.headers['x-cypress-is-aut-frame']
   }
 
+  if (this.req.headers['x-cypress-is-sync-request']) {
+    delete this.req.headers['x-cypress-is-sync-request']
+  }
+
   span?.setAttributes({
     isAUTFrame: this.req.isAUTFrame,
     isFromExtraTarget: this.req.isFromExtraTarget,

packages/proxy/lib/http/response-middleware.ts

@@ -719,6 +719,12 @@ const MaybeCopyCookiesFromIncomingRes: ResponseMiddleware = async function () {
     return this.next()
   }
 
+  if (this.req.isSyncRequest) {
+    span?.end()
+
+    return this.next()
+  }
+
   // we want to set the cookies via automation so they exist in the browser
   // itself. however, firefox will hang if we try to use the extension
   // to set cookies on a url that's in-flight, so we send the cookies down to

packages/proxy/lib/types.ts

@@ -28,6 +28,7 @@ export type CypressIncomingRequest = Request & {
    * Stack-ordered list of `cy.intercept()`s matching this request.
    */
   matchingRoutes?: BackendRoute[]
+  isSyncRequest: boolean
 }
 
 export type RequestCredentialLevel = 'same-origin' | 'include' | 'omit' | boolean

packages/runner/injection/main.js

@@ -32,3 +32,15 @@ Cypress.on('app:timers:pause', timers.pause)
 timers.wrap()
 
 Cypress.action('app:window:before:load', window)
+
+const originalXmlHttpRequestOpen = window.XMLHttpRequest.prototype.open
+
+window.XMLHttpRequest.prototype.open = function (...args) {
+  const result = originalXmlHttpRequestOpen.apply(this, args)
+
+  if (args[2] === false) {
+    this.setRequestHeader('x-cypress-is-sync-request', 'true')
+  }
+
+  return result
+}

packages/runner/injection/patches/xmlHttpRequest.ts

@@ -13,22 +13,35 @@ export const patchXmlHttpRequest = (window: Window) => {
       // we need to store a reference here to what we need in the send method
       this._url = captureFullRequestUrl(args[1], window)
     } finally {
-      return originalXmlHttpRequestOpen.apply(this, args as any)
+      const result = originalXmlHttpRequestOpen.apply(this, args as any)
+
+      if (args[2] === false) {
+        this.setRequestHeader('x-cypress-is-sync-request', 'true')
+        this._isSyncRequest = true
+      }
+
+      return result
     }
   }
 
-  window.XMLHttpRequest.prototype.send = async function (...args) {
-    try {
-      // if the option is specified, communicate it to the the server to the proxy can make the request aware if it needs to potentially apply cross origin cookies
-      // if the option isn't set, we can imply the default as we know the "resourceType" in the proxy
-      await requestSentWithCredentials({
-        url: this._url,
-        resourceType: 'xhr',
-        credentialStatus: this.withCredentials,
-      })
-    } finally {
-      // if our internal logic errors for whatever reason, do NOT block the end user and continue the request
+  window.XMLHttpRequest.prototype.send = function (...args) {
+    if (this._isSyncRequest) {
       return originalXmlHttpRequestSend.apply(this, args)
     }
+
+    return (async () => {
+      try {
+        // if the option is specified, communicate it to the the server to the proxy can make the request aware if it needs to potentially apply cross origin cookies
+        // if the option isn't set, we can imply the default as we know the "resourceType" in the proxy
+        await requestSentWithCredentials({
+          url: this._url,
+          resourceType: 'xhr',
+          credentialStatus: this.withCredentials,
+        })
+      } finally {
+        // if our internal logic errors for whatever reason, do NOT block the end user and continue the request
+        return originalXmlHttpRequestSend.apply(this, args)
+      }
+    })()
   }
 }