grafana / xk6-browser

k6 extension that adds support for browser automation and end-to-end web testing via the Chrome Devtools Protocol
https://grafana.com/docs/k6/latest/javascript-api/k6-experimental/browser/
GNU Affero General Public License v3.0

`Response.AllHeaders()` does not include security-related headers #965

Open ka3de opened 1 year ago

ka3de commented 1 year ago

Brief summary

Currently, the k6 HTTP Response implementation contains the headers returned in the `Network.responseReceived` CDP event. These headers are the ones that should be returned, for example, when calling the `Response.Headers()` method. The `Response.AllHeaders()` method, instead, should also include the security-related headers (e.g. cookie headers), which can be parsed through the `Network.responseReceivedExtraInfo` CDP event, which contains all raw headers.

xk6-browser version

v0.10.0

OS

Ubuntu 20.04.5 LTS

Chrome version

113.0.5672.126 (Official Build) (64-bit)

Docker version and image (if applicable)

No response

Steps to reproduce the problem

Run the following script:

```javascript
import { check } from 'k6';
import { chromium } from 'k6/experimental/browser';

export const options = {
  scenarios: {
    ui: {
      executor: 'shared-iterations',
      options: {
        browser: {
          type: 'chromium',
        },
      },
    },
  },
  thresholds: {
    checks: ["rate==1.0"]
  }
}

export default async function() {
  const browser = chromium.launch();
  const context = browser.newContext();
  const page = context.newPage();

  try {
    // Goto front page, find login link and click it
    await page.goto('https://test.k6.io/', { waitUntil: 'networkidle' });
    await Promise.all([
      page.waitForNavigation(),
      page.locator('a[href="/my_messages.php"]').click(),
    ]);

    // Enter login credentials and login
    page.locator('input[name="login"]').type('admin');
    page.locator('input[name="password"]').type('123');
    // We expect the form submission to trigger a navigation, so to prevent a
    // race condition, setup a waiter concurrently while waiting for the click
    // to resolve.
    await Promise.all([
      page.waitForNavigation(),
      page.locator('input[type="submit"]').click(),
    ]).then(function(res) {
      console.log("headers: " + JSON.stringify(res[0].allHeaders()));
    });
    check(page, {
      'header': page.locator('h2').textContent() == 'Welcome, admin!',
    });
  } finally {
    page.close();
    browser.close();
  }
}
```

Expected behaviour

The test output should show the `console.log()` message with all headers, also including the cookie-related headers after the login performed in the page.

Actual behaviour

The test output `console.log()` message does not include any cookie-related header:

```
INFO[0003] headers: {"connection":"keep-alive","content-type":"text/html; charset=UTF-8","date":"Wed, 12 Jul 2023 09:30:39 GMT","transfer-encoding":"chunked","x-powered-by":"PHP/5.6.40"}  source=console
```

ankur22 commented 2 months ago

This issue also affects request.allHeaders.
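
One way to correlate the two CDP events named in the issue, as an added Go example that is not xk6-browser's own code: headers from `Network.responseReceivedExtraInfo` are overlaid on those from `Network.responseReceived` per `requestId`, whichever event arrives first, and a response with no ExtraInfo event keeps its basic headers. The names `mergeHeaders` and `sampleEvents` are hypothetical and the event payloads are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample events; ExtraInfo arrives first and request 2 has none.
var sampleEvents = []string{
	`{"method":"Network.responseReceivedExtraInfo","params":{"requestId":"1","headers":{"Content-Type":"text/html","Set-Cookie":"sid=abc; HttpOnly\nuid=1; Path=/"}}}`,
	`{"method":"Network.responseReceived","params":{"requestId":"1","response":{"headers":{"Content-Type":"text/html"}}}}`,
	`{"method":"Network.responseReceived","params":{"requestId":"2","response":{"headers":{"Date":"constructed"}}}}`,
}

// mergeHeaders (hypothetical helper) returns the merged headers per requestId.
func mergeHeaders(events []string) (map[string]map[string]string, error) {
	all := map[string]map[string]string{}
	for _, msg := range events {
		var ev struct { // only the fields used here
			Method string
			Params struct {
				RequestID string
				Headers   map[string]string // raw headers (ExtraInfo event)
				Response  struct{ Headers map[string]string }
			}
		}
		if err := json.Unmarshal([]byte(msg), &ev); err != nil {
			return nil, err
		}
		src, raw := ev.Params.Response.Headers, false
		if ev.Method == "Network.responseReceivedExtraInfo" {
			src, raw = ev.Params.Headers, true
		}
		id := ev.Params.RequestID
		if all[id] == nil {
			all[id] = map[string]string{}
		}
		for k, v := range src {
			k = strings.ToLower(k)
			if _, seen := all[id][k]; raw || !seen { // raw value wins in either order
				all[id][k] = v
			}
		}
	}
	return all, nil
}

func main() { fmt.Println(mergeHeaders(sampleEvents)) }
```

Repeated headers such as `Set-Cookie` arrive as one newline-joined value in the raw header object, so a consumer splits on `"\n"` to recover the individual cookies.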