search

oesmith / puffing-billy

A rewriting web proxy for testing interactions between your browser and external sites. Works with ruby + rspec.
MIT License
660 stars 168 forks source link

Puffing-billy not intercepting HTTPS Cross Site Requests #235

Closed madelineleclair closed 6 years ago

madelineleclair commented 6 years ago

I'm trying to intercept some jQuery ajax requests that I'm making from one rails application to another. The url in my request is similar to https://www.myapp.com/testing. The request is over a secure network and is a cross origin request. I'm using puffing-billy with cucumber. In my .env file I have 

require 'billy/capybara/cucumber'
After do
  Capybara.use_default_driver
end

and in my step file I have 

Before('@billy') do
  Capybara.current_driver = :selenium_chrome_billy
  Capybara.javascript_driver = :selenium_chrome_billy
end

And(a stub for testing api) do
  proxy.stub('https://www.myapp.com/testing').and_return(:json => {:text => "Intercepted!"})
end

When I just intercept requests to http://www.google.com the gem works perfectly, but as soon as I try to intercept requests to https://www.myapp.com/testing, the gem doesn't intercept them. The requests go through as if I'm not using puffing-billy at all. I've tried intercepting https://www.myapp.com/testing/, https://www.myapp.com/testing:443, https://www.myapp.com/testing:443/secure, and stubbing the preflight. None of it seems to work. Does anyone have any suggestions, or does puffing-billy not intercept secure cross origin requests?

ronwsmith commented 6 years ago

@madeline1991 Do you see anything in the logs?

madelineleclair commented 6 years ago

I wasn't aware that you could view the server logs. This ticket can actually be closed though. I ended up solving the issue. I was setting the url wrong in the stubs for the preflight and the request. The configuration worked fine though. The final stubs ended up looking like this

 proxy.stub("https://www.myapp.com:443/testing").and_return(
  :headers => {
   'Access-Control-Allow-Methods' => 'GET, PATCH, POST, PUT, OPTIONS',
   'Access-Control-Allow-Headers' => 'X-Requested-With, X-Prototype-Version, Content-Type',
   'Access-Control-Allow-Origin'  => '*'
  },
  :code => 200
)

 proxy.stub("https://www.myapp.com:443/testing").and_return({
  headers: {
   'Access-Control-Allow-Methods' => 'GET, PATCH, POST, PUT, OPTIONS',
   'Access-Control-Allow-Headers' => 'X-Force-Cors',
   'Access-Control-Allow-Origin' => '*'
  },
  json: {:text => "Intercepted!"})
})

One other thing I wanted to ask about is that I noticed that occasionally when the browser starts it loads with a this site can't be reached error, such as when you type in http://dasfjaslk.com/ to your browser's url bar. It will then retry to load the page 2 more times before receiving data back. Does puffing-billy force a retry when the browser doesn't load properly?

ronwsmith commented 6 years ago

@madeline1991 Puffing-billy doesn't include any retrying and shouldn't generally be involved with the initial page loading.

Closing original issue.