hurl icon indicating copy to clipboard operation
hurl copied to clipboard
verified publisher icon Orange-OpenSource

Add --no-cookie option

Open backtozero opened this issue 2 years ago • 4 comments

What is the current bug behavior?

Because hurl automatically saves cookies between calls that are in the same file and uses it for subsequent calls it breaks some 3rd party servers with complex/buggy session handling logic. For example server does the cookie processing first and only then checks for Authorization or some api-key headers

Steps to reproduce

Just try to run multiple calls subsequently in a one file with at least some of them returning some cookies

What is the expected correct behavior?

It should be possible to disable, since there are so many different auth methods these days

Execution context

Should affect all

  • Hurl Version (hurl --version): hurl 4.1.0 (x86_64-apple-darwin23.0) libcurl/8.1.2 (SecureTransport) LibreSSL/3.3.6 zlib/1.2.12 nghttp2/1.55.1

backtozero avatar Nov 17 '23 08:11 backtozero

Hi @backtozero

Do you have a Hurl file to share that you would expect Hurl to succeed? I'm trying to know if you're raising a bug with the current cookie session implementation or you want a new option to disable cookie for a Hurl file.

In any case, as cookie management is done by default, we can imagine a --no-cookie option.

jcamiel avatar Nov 17 '23 11:11 jcamiel

@jcamiel The second one. I just wanted a new feature. A toggle that disables this behavior. Yes, something like --no-cookie but can it be in the file itself?

GET https://auth.service.com/rest/v1/OAuth/AccessToken?clientId=ATExVTgwNcI4M4Y=&password=APITest1&returnFormat=json"
Cache-Control: no-cache

HTTP 200
[Captures]
access_token: jsonpath $.respone.token

# This service brings some "set-cookie" which breaks the next request
GET http://another.service-with-cookie.com/customerId
Authorization: Bearer {{access_token}}

HTTP200
[Captures]
customerId: jsonpath $.respone.customerId


POST https://service.com/api/customerData
Authorization: Bearer {{access_token}}
[Options]
no-cookie
{
    "customerId":{{customerId}}
}

backtozero avatar Nov 17 '23 13:11 backtozero

Yes, we try to support to all cli options in the section itself (if it makes sense). Right now, you can use one request per file in order to use different sessions. They will be executed sequentially.

hurl request.hurl request2.hurl request3.hurl

fabricereix avatar Nov 17 '23 13:11 fabricereix

Changing from bug label to enhancement 😄

jcamiel avatar Nov 17 '23 14:11 jcamiel