
Authorization header missing

Open nfelger opened this issue 2 years ago • 2 comments

Hi, I'm trying to generate a har file for a site that is protected by HTTP Basic Auth. However, the HAR file that is generated lacks the Authorization header, so when I replay it, I get a 401 error.

My Cypress test file:

// Reproduction spec: record a HAR for the whole "static pages" suite and write
// it out once the suite has finished.
describe("static pages", () => {
  // Recorder settings as reported in the issue: `content: false` plus a host filter.
  // NOTE(review): includeHosts entries look like regular expressions; if so, the
  // unescaped dots in '.*.my.domain' match any character. Confirm against the plugin docs.
  const recorderOptions = {
    content: false,
    includeHosts: [ '.*.my.domain']
  };

  const startRecording = () => {
    cy.recordHar(recorderOptions);
  };

  // Even with `content: false` the saved HAR still carries request and response
  // headers, Cookie and Set-Cookie values included (the sample output on this
  // page shows a `__Host-session` Set-Cookie value). Treat the file as sensitive
  // and redact it before attaching it to a public issue.
  const writeHar = () => {
    cy.saveHar();
  };

  const visitHomePage = () => {
    cy.visit("/");
  };

  before(startRecording);
  after(writeHar);
  it("Home page", visitHomePage);
});

I run it using:

# NOTE(review): "[email protected]" is an e-mail-obfuscation artefact of the page this
# was copied from; the original presumably had the password and host there
# (user:password@host). Confirm before reusing the command.
# Basic-auth credentials placed in baseUrl on the command line end up in shell
# history, the process list and CI logs; prefer supplying them from the
# environment or a secret store.
npx cypress run --config baseUrl=https://username:[email protected] --browser chrome

The result I get looks like this:

{
  "log": {
    "version": "1.2",
    "pages": [],
    "creator": {
      "name": "@neuralegion/cypress-har-generator",
      "version": "5.3.0",
      "comment": "https://github.com/NeuraLegion/cypress-har-generator#readme"
    },
    "entries": [
      {
        "startedDateTime": "2022-05-22T19:12:29.519Z",
        "time": 32.239000021945685,
        "request": {
          "method": "GET",
          "url": "https://my.domain/",
          "httpVersion": "http/1.1",
          "headers": [
            {
              "name": "Accept",
              "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
            },
            {
              "name": "Accept-Encoding",
              "value": "gzip, deflate, br"
            },
            {
              "name": "Accept-Language",
              "value": "en-US"
            },
            {
              "name": "Cache-Control",
              "value": "no-cache"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Cookie",
              "value": "__cypress.initial=true"
            },
            {
              "name": "Host",
              "value": "my.domain"
            },
            {
              "name": "Pragma",
              "value": "no-cache"
            },
            {
              "name": "Referer",
              "value": "https://my.domain/__/"
            },
            {
              "name": "Sec-Fetch-Dest",
              "value": "iframe"
            },
            {
              "name": "Sec-Fetch-Mode",
              "value": "navigate"
            },
            {
              "name": "Sec-Fetch-Site",
              "value": "same-origin"
            },
            {
              "name": "Upgrade-Insecure-Requests",
              "value": "1"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/101.0.4951.64 Safari/537.36"
            }
          ],
          "queryString": [],
          "cookies": [
            {
              "name": "__cypress.initial",
              "value": "true",
              "httpOnly": false,
              "secure": false
            }
          ],
          "headersSize": 0,
          "bodySize": 0
        },
        "response": {
          "status": 200,
          "statusText": "OK",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Content-Encoding",
              "value": "gzip"
            },
            {
              "name": "Keep-Alive",
              "value": "timeout=5"
            },
            {
              "name": "Set-Cookie",
              "value": "__Host-session=eyJjc3JmIjoiMGZlYzUzOGUtNjRhMS00YjI1LWIzMjktYWZhNjIwZGNiYjAxIn0%3D.6L95Y8yu0sO2OOqstlVG5%2F6AAE9YxV8BzlUZK1WvxnY; Path=/; HttpOnly; Secure; SameSite=Strict"
            },
            {
              "name": "Set-Cookie",
              "value": "__cypress.initial=; Domain=my.domain; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT"
            },
            {
              "name": "Transfer-Encoding",
              "value": "chunked"
            },
            {
              "name": "Vary",
              "value": "Accept-Encoding, Accept-Encoding"
            },
            {
              "name": "cache-control",
              "value": "no-cache, no-store, must-revalidate"
            },
            {
              "name": "content-type",
              "value": "text/html; charset=utf-8"
            },
            {
              "name": "cross-origin-embedder-policy",
              "value": "require-corp"
            },
            {
              "name": "cross-origin-opener-policy",
              "value": "same-origin"
            },
            {
              "name": "cross-origin-resource-policy",
              "value": "same-origin"
            },
            {
              "name": "date",
              "value": "Sun, 22 May 2022 19:12:29 GMT"
            },
            {
              "name": "expect-ct",
              "value": "max-age=0"
            },
            {
              "name": "origin-agent-cluster",
              "value": "?1"
            },
            {
              "name": "permissions-policy",
              "value": "clipboard-write=(self)"
            },
            {
              "name": "referrer-policy",
              "value": "same-origin"
            },
            {
              "name": "strict-transport-security",
              "value": "max-age=15724800; includeSubDomains"
            },
            {
              "name": "x-content-type-options",
              "value": "nosniff"
            },
            {
              "name": "x-dns-prefetch-control",
              "value": "off"
            },
            {
              "name": "x-download-options",
              "value": "noopen"
            },
            {
              "name": "x-permitted-cross-domain-policies",
              "value": "none"
            },
            {
              "name": "x-xss-protection",
              "value": "0"
            }
          ],
          "cookies": [],
          "content": {
            "size": 35666,
            "mimeType": "text/html",
            "compression": 29387
          },
          "redirectURL": "",
          "headersSize": 1033,
          "bodySize": 6279,
          "_transferSize": 7312
        },
        "cache": {},
        "timings": {
          "blocked": 1.0409999936446548,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0.05300000000000005,
          "wait": 30.459999992854893,
          "receive": 0.6850000354461372
        },
        "serverIPAddress": "127.0.0.1",
        "_priority": "VeryHigh",
        "_resourceType": "Document",
        "_webSocketMessages": [],
        "connection": "23"
      }
    ]
  }
}

As you can see: no Authorization header. I had a look at the cypress-har-generator but couldn't find any header stripping. Any ideas what might be going on here?

nfelger avatar May 22 '22 19:05 nfelger

@nfelger please provide a reproducible repository if it is possible

derevnjuk avatar Nov 09 '22 18:11 derevnjuk

@nfelger it seems Cypress automatically sends this header via some kind of proxy, outside of the browser. That is why you cannot see this header in either the devtools or the resulting HAR.

Perhaps it can be solved by #59, intercepting the requests made by cy.request (similar to https://github.com/NeuraLegion/cypress-har-generator/pull/48):

// Diagnostic: check whether the request for '/' carries an Authorization header
// by the time cy.intercept sees it. Only the presence of the header is logged
// (a boolean), never its value, so the credential stays out of the console output.
const reportAuthorizationPresence = (req: CyHttpMessages.IncomingHttpRequest) => {
  const hasAuthorization = 'authorization' in req.headers;
  console.log(hasAuthorization);
};
cy.intercept('/', reportAuthorizationPresence);

// Basic-auth credentials are passed through cy.visit's `auth` option here rather
// than embedded in the URL. 'wile' / 'coyote' look like sample values; real
// credentials should come from the environment (for example Cypress.env) and
// not be committed with the spec.
const sampleAuth = { username: 'wile', password: 'coyote' };
cy.visit('/', {
  auth: sampleAuth
});

derevnjuk avatar Jan 17 '23 23:01 derevnjuk