xk6-browser icon indicating copy to clipboard operation
xk6-browser copied to clipboard

Published 20 hours ago verified publisher icon grafana

`Response.AllHeaders()` does not include security-related headers

Open ka3de opened this issue 1 year ago • 1 comments

Brief summary

Currently the k6 HTTP Response implementation contains the headers returned in the Network.responseReceived CDP event. These headers are the ones that should be returned for example when calling the Response.Headers() method. Instead, the Response.AllHeaders() method should also include the security-related headers (e.g.: cookie headers) which can be parsed through the Network.responseReceivedExtraInfo CDP event that contains all raw headers.

xk6-browser version

v0.10.0

OS

Ubuntu 20.04.5 LTS

Chrome version

113.0.5672.126 (Official Build) (64-bit)

Docker version and image (if applicable)

No response

Steps to reproduce the problem

Run the following script:

import { check } from 'k6';
import { chromium } from 'k6/experimental/browser';

export const options = {
  scenarios: {
    ui: {
      executor: 'shared-iterations',
      options: {
        browser: {
            type: 'chromium',
        },
      },
    },
  },
  thresholds: {
    checks: ["rate==1.0"]
  }
}

export default async function() {
  const browser = chromium.launch();
  const context = browser.newContext();
  const page = context.newPage();

  try {
    // Goto front page, find login link and click it
    await page.goto('https://test.k6.io/', { waitUntil: 'networkidle' });
    await Promise.all([
      page.waitForNavigation(),
      page.locator('a[href="/my_messages.php"]').click(),
    ]);

    // Enter login credentials and login
    page.locator('input[name="login"]').type('admin');
    page.locator('input[name="password"]').type('123');
    // We expect the form submission to trigger a navigation, so to prevent a
    // race condition, setup a waiter concurrently while waiting for the click
    // to resolve.
    await Promise.all([
      page.waitForNavigation(),
      page.locator('input[type="submit"]').click(),
    ]).then(function(res) {
      console.log("headers: " + JSON.stringify(res[0].allHeaders()));
    });
    check(page, {
      'header': page.locator('h2').textContent() == 'Welcome, admin!',
    });
  } finally {
    page.close();
    browser.close();
  }
}

Expected behaviour

The test output should show the console.log() message with all headers, including also the cookie related headers after the login performed in the page.

Actual behaviour

The test output console.log() message does not include any cookie related header:

INFO[0003] headers: {"connection":"keep-alive","content-type":"text/html; charset=UTF-8","date":"Wed, 12 Jul 2023 09:30:39 GMT","transfer-encoding":"chunked","x-powered-by":"PHP/5.6.40"}  source=console

ka3de avatar Jul 12 '23 09:07 ka3de