I have started using HP Loadrunner as part of a performance testing project.
We are trying to hit an initial URL which redirects to an identity server and then redirects to the web portal login screen.
For now I am trying in parallel to see the message exchange in both loadrunner log and browser log (just to compare the two request response messages). For some reason even though the initial HTTP GET message seems to be the same as the browser one the response coming back from the web portal is not the same. So at the location property when i get the rediction url the path is missing the port number at the redirect_uri point (...../url:portnumber2/.....). that creates an issue with the second redirection as instead of getting me to the proper redirection url it takes me to the error page redirection.
so the message exchange in browser looks like below:
Request URL:https://urladdress:portnumber1/
Request Method:GET
Status Code:302
Remote Address:10.33.5.83:4020
Referrer Policy:no-referrer-when-downgrade
Response Headers
content-length:0
date:Fri, 25 Aug 2017 06:50:47 GMT
location:/connect/authorize?client_id=...&redirect_uri=https%3A%2F%2Furladdress%3Aportnumber%2F....sign........
server:.......
set-cookie:.AspNetCore.OpenIdConnect........
set-cookie:.AspNetCore.........
status:302
x-powered-by:ASP.NET
x-ua-compatible:IE=Edge,chrome=1
Request Headers
:authority:urladdress:portnumber1
:method:GET
:path:/
:scheme:https
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8
upgrade-insecure-requests:1
user-agent:.......
second redirection
Request URL:https://urladdress:portnumber2/connect/authorize?......
Request Method:GET
Status Code:302
Remote Address:ipaddress:portnumber2
Referrer Policy:no-referrer-when-downgrade
Response Headers
content-length:0
date:Fri, 25 Aug 2017 06:50:47 GMT
location:https://urladdress:portnumber2/account/login?.......
server:......
status:302
x-powered-by:ASP.NET
Request Headers
:authority:urladdress:portnumber2
:method:GET
:path:/connect/authorize?......
:scheme:https
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8
cookie:.AspNetCore.......
upgrade-insecure-requests:1
user-agent:..........
and the message exchange in loadrunner looks the same with the only difference of not including the portnumber2 after the end of the return_uri property.
That results in being redirected to an error page instead of the second redirection.
The script we are using is shown below:
web_set_sockets_option("SSL_VERSION", "TLS1.2");
web_cleanup_cookies();
web_cache_cleanup();
web_add_auto_header("Accept-Encoding","gzip, deflate, br");
web_add_auto_header("Accept-Language","en-US,en;q=0.8");
web_add_auto_header("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8");
web_add_auto_header("Upgrade-Insecure-Requests","1");
web_add_auto_header("User-Agent","Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.101 Safari/537.36");
web_set_option("MaxRedirectionDepth","0",LAST);
web_set_max_html_param_len("10000000");
web_reg_save_param_ex("ParamName=url1",
"LB=Location: ",
"RB=\r\n",
LAST);
web_url("urladdress:portnumber1",
"URL=https://urladdress:portnumber1",
"Resource=0",
"RecContentType=text/html",
"Referer=",
"Mode=HTTP",
LAST);
lr_message("redirected address 1 = %s " ,lr_eval_string("{url1}"));
web_reg_save_param_ex("ParamName=url2",
"LB=Location: ",
"RB=\r\n",
LAST);
web_url("connect",
"URL={url1}",
"Resource=0",
"RecContentType=text/html",
"Referer=https://urladdress:portnumber1",
"Mode=HTTP",
LAST);
return 0;
I need to know why the port number on a url is not fetched by the http response message( perhaps there is a configuration I need to create).
Any other comments that might help would be much appreciated.
Have you considered that having a double redirection, particularly ones which are temporary, are going to extract a large performance hit. You have two double handshakes in a row. This is bad magic, independent of the testing tool being used. It is poor architecture on the part of your designers/developers. Cite the defect - Go for a max redirect level of one.
Related
i'm a bit new with signalr
i have developed a simple chat room (just connect to hub and begin chat) .. i tried it in my localhost and it was working perfectly without any interrupt ..that's good so far .
i uploaded then that site to online host .. i noticed that signalr connection ger failure after short time .. i opened chrome console i found that he tried to reconnect again with the hub (despite it's never happend in my localhost to try to reconnect)
the request was as the Following
Request URL:http://x-strangers.com/signalr/reconnect?transport=serverSentEvents&messageId=d-7C5BF30A-B%2C0%7CC%2C4%7CD%2C1&clientProtocol=1.5&connectionToken=2gLhobhAyeQi9GcNL%2FQTHDcBsz0Rgyc%2FUy4K%2FS5K6Kc0pQB%2FCsLATd2gYBZZ7dclT1EpGafRQkU7MC%2FHEUZTV7cldjc81%2BNYjmckQiS%2FbLcRZqU8GYYx6rPulazcdw89&connectionData=%5B%7B%22name%22%3A%22strangershub%22%7D%5D&tid=4
Request Method:GET
Status Code:400 Bad Request
Remote Address:198.38.83.16:80
Referrer Policy:no-referrer-when-downgrade
Response Headers
view source
Cache-Control:no-cache
Connection:Keep-Alive
Content-Type:text/html
Date:Wed, 21 Jun 2017 20:47:11 GMT
Expires:-1
Pragma:no-cache
Server:Microsoft-IIS/8.0
Transfer-Encoding:chunked
X-AspNet-Version:4.0.30319
X-Content-Type-Options:nosniff
X-Powered-By:ASP.NET
Request Headers
view source
Accept:text/event-stream
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-GB,en;q=0.8,ar;q=0.6,en-US;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Cookie:ASP.NET_SessionId=zfgyzje0tvjfot4r1jpk2zg2
Host:x-strangers.com
Referer:http://x-strangers.com/Home/Strangers
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36
Query String Parameters
view source
view URL encoded
transport:serverSentEvents
messageId:d-7C5BF30A-B,0|C,4|D,1
clientProtocol:1.5
connectionToken:2gLhobhAyeQi9GcNL/QTHDcBsz0Rgyc/Uy4K/S5K6Kc0pQB/CsLATd2gYBZZ7dclT1EpGafRQkU7MC/HEUZTV7cldjc81+NYjmckQiS/bLcRZqU8GYYx6rPulazcdw89
connectionData:[{"name":"strangershub"}]
tid:4`
and the Response was Like the Following
The ConnectionId is in the incorrect format.
Eventually the Connection get Fail
Any Idea how to Fix This ??
I have followed Option #4 in here:
https://github.com/Microsoft/BotFramework-WebChat/blob/speech/samples/speech/index.html
and used my COGNITIVE_SPEECH_API_KEY. But I keep getting a 403 forbidden even though the code seems to be passing in the Authorization header in the request as expected by the docs.
Here is the Request and Response I captured from Chrome Developer tools:
Request
URL: wss://speech.platform.bing.com/speech/recognition/interactive/cognitiveservices/v1?format=simple&language=en-US&Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZSI6Imh0dHBzOi8vd2VzdHVzLmFwaS5jb2duaXRpdmUubWljcm9zb2Z0LmNvbS9jdXN0b21zcGVlY2giLCJzdWJzY3JpcHRpb24taWQiOiJhN2ZmNzJmZmZhNDA0YmQ2ODU5MjNjYzBmMmU2ODdhZiIsInByb2R1Y3QtaWQiOiJDUklTLlMwIiwiY29nbml0aXZlLXNlcnZpY2VzLWVuZHBvaW50IjoiaHR0cHM6Ly9hcGkuY29nbml0aXZlLm1pY3Jvc29mdC5jb20vaW50ZXJuYWwvdjEuMC8iLCJhenVyZS1yZXNvdXJjZS1pZCI6Ii9zdWJzY3JpcHRpb25zLzkwOThmZTJjLTk5NjItNDMxNS1iZGQxLWFiNTEzMDA0YjBiNC9yZXNvdXJjZUdyb3Vwcy9EZW52ZXJJZ25pdGlvbi9wcm92aWRlcnMvTWljcm9zb2Z0LkNvZ25pdGl2ZVNlcnZpY2VzL2FjY291bnRzL2lnbml0aW9udGVzdGJvdHNwZWVjaCIsImlzcyI6InVybjptcy5jb2duaXRpdmVzZXJ2aWNlcyIsImF1ZCI6InVybjptcy5jdXN0b21zcGVlY2giLCJleHAiOjE0OTU5ODQ4MzF9.kK1bx_kWllytyDvdqSZlb0_HUwaLX-V6OGJGeJ3fI2k&X-ConnectionId=9B408F2612DE4902A2D37EEACC8FB350
Request Method:GET
Status Code:403 Forbidden
Response Headers
Content-Length:0
Date:Sun, 28 May 2017 15:10:31 GMT
Server:Microsoft-IIS/10.0
X-MSEdge-Ref:Ref A: B1DBE1CCBEEA44A6B0213CB1CF8B8CA6 Ref B: DEN02EDGE0314 Ref C: Sun May 28 08:10:31 2017 PST
Request Headers
Accept-Encoding:gzip, deflate, sdch, br
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:Upgrade
Cookie:_IFAV=A=422B5EB35D6227B47A899A55FFFFFFFF&COUNT=0&SEEALL=2&VRSN=2;
SRCHD=AF=NOFORM; SRCHUSR=DOB=20160521;
MSFPC=ID=a0c448564466a044a98c006abcccbaf0&CS=3&LV=201608&V=1;
_RwBf=s=10&o=0&A=422B5EB35D6227B47A899A55FFFFFFFF; MUID=2350DC04198E61F62654DA0E1D8E6287;
_U=1Y4QobYDPj3fzheUKiZ5uMdlvmGHvPLxng61hD9XLEWEhcPAfnXyj4UgFgyOMlw6jiTZJaP9wfqB4D6B2UYIV7_jbXnm5WTRM0ycCG-1F5YbfcPhiTR4SdgSkfPadkYRd;
WLID=qgIk0rgVNCI8HNV2Z4g8xFSkWTapYBjrDBYC04Zh/6JNzAhx2KtSiq+zTmKuyODQY3+IA3XDFhKybijk6ArfNlzdJ448JV1JBNO/mmbbcGQ=;
ANON=A=422B5EB35D6227B47A899A55FFFFFFFF&E=13d0&W=1;
NAP=V=1.9&E=1376&C=GKfvIsAF38G7JJpiBtQFE1j-85HTsObRYo50Mrr-fkR1HpimpRoSRA&W=1;
ULC=T=CCC1|4:3; SRCHHPGUSR=CW=1329&CH=716&DPR=2&UTC=-360
Host:speech.platform.bing.com
Origin:https://ignitiontestbotweb.azurewebsites.net
Pragma:no-cache
Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits
Sec-WebSocket-Key:+oV+WOyiaN3VFOIYmX1t3w==
Sec-WebSocket-Version:13
Upgrade:websocket
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110
Safari/537.36
The bing Speech API seems to be randomly accepting the calls. One in 10 connection attempts get through with a 101 Switch Protocols status code. for the same request.
Success
Request URL:wss://speech.platform.bing.com/speech/recognition/interactive/cognitiveservices/v1?format=detailed&language=en-US&Ocp-Apim-Subscription-Key=0825dc93563445aca227aa125404c299&X-ConnectionId=2679C505D3D742A5809D1F08A1934E08
Request Method:GET
Status Code:101 Switching Protocols
Failure (for same request)
Request URL: wss://speech.platform.bing.com/speech/recognition/interactive/cognitiveservices/v1?format=simple&language=en-US&Ocp-Apim-Subscription-Key=0825dc93563445aca227aa125404c299&X-ConnectionId=2A47A79398D941ACB3F67A9580B908E3
Request Method:GET
Status Code:403 Forbidden
As discussed in the comments, the key you are trying to use corresponds to Custom Speech Service API, and the sample you are trying to run needs a Bing Speech API key. Bing Speech is the service that offers Speech to Text capabilites.
I'm developing some site aaa.com with django, which sends cross-domain ajax "GET" requests to receive json data from bbb.com which is also running on django and is using REST framework. At this point everything works pretty fine with adding crossDomain: true; withCredentials:true. And of course its configurated on server-side of aaa.com.
...-Allow-Credentials: true;
...-Allow-Origin: bbb.com
The main issue comes when aaa.com is trying to make PUT POST DELETE ajax requests.
According to CORS documentation:
[https://www.w3.org/TR/cors/#cross-origin-request-with-preflight-0], client side ajax request is correct, and
...-Allow-Headers, ...-Allow-Methods
is matched with
...-Request-Headers, ...-Request-Methods
so this request is not 'simple' and first of all browser sends preflight request from aaa.com to bbb.com to ask if some custom headers and methods are allowed.
Everything is OK But I'm still getting 403 Error. Here is the request/response:
General:
Request URL:http://bbb.com/api/someapipage/
Request Method:OPTIONS
Status Code:403 Forbidden
Remote Address:some ip:80
Response Headers:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:accept, content-type, x-csrftoken, x-requested-with
Access-Control-Allow-Methods:GET, POST, OPTIONS, HEAD, PUT, DELETE
Access-Control-Allow-Origin:http://aaa.com
Allow:GET, POST, HEAD, OPTIONS
Connection:Keep-Alive
Content-Language:en
Content-Type:application/json
Date:Mon, 04 Jul 2016 14:20:38 GMT
Keep-Alive:timeout=5, max=100
Server:gunicorn/19.6.0
Transfer-Encoding:chunked
Vary:Accept,Accept-Language,Cookie
X-Frame-Options:SAMEORIGIN
Request Headers:
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8,ru;q=0.6
Access-Control-Request-Headers:accept, content-type, x-csrftoken
Access-Control-Request-Method:POST
Connection:keep-alive
Host:aaa.com
Origin:http://aaa.com
Referer:http://aaa.com/
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.87 Safari/537.36
After week of tries to fix this issue I realised that server wants to Vary: Cookie on pre-flighted request which is impossible because cross-domain pre-flight request cannot contain cookie in its header.
I started finding some solution to this issue and found:
https://code.djangoproject.com/ticket/13217
"Enabling django.middleware.locale.LocaleMiddleware causes that django adds a 'Vary: Cookie' header to every reponse."
So localMiddleware adds header Vary: Cookie even in pre-flight OPTIONS response
There are lots of reccomendations to use djang-cors-header to fix some of this problems. But using this package function are equal to my settings on server-side.
I have also found pretty package: django-dont-vary-on which if installed can set decorators to turn off Vary:cookie, but in my case i need to turn off Vary:cookie only in OPTIONS response.
Im bit new to django and actually cannot even imagine what to do in this situation. Every my step is just like walking on a mine field.
Is there any solution or some alternatives?
You have to CORS whitelist your client to access the server.
In case their is a Cross-domain request, the request becomes preflighted if you use methods other than GET, HEAD or POST.
Also, if POST is used to send request data with a Content-Type other
than application/x-www-form-urlencoded, multipart/form-data, or
text/plain, it becomes preflighted.
Its the server that allows the cross-domain client request to be processed or deny it (default).
So if you have access to the server-side application, you could do the following to get the response.
On server-side
Install django-cors-headers on your server side and white list your client domain or IP (it is also port specific)
pip install django-cors-headers
In settings.py, add it in your INSTALLED_APPS
INSTALLED_APPS = (
...
'corsheaders',
...
)
Add the corsheaders.middleware.CorsMiddleware in MIDDLEWARE_CLASSES
MIDDLEWARE_CLASSES = (
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'**corsheaders.middleware.CorsMiddleware**',
'django.middleware.common.CommonMiddleware',
....
)
and define a CORS whitelist
CORS_ORIGIN_WHITELIST = (
'aaa.com',
)
Now as you have added your client in the CORS whitelist, you will now be able to make a successful ajax request.
I'm trying to make a static files to be cached in the browser for a small amount of time (10 sec). It seems to be working properly when refreshing page.
- 200 if you are new
- 200 served from cache if you soft-refresh during the first 10 sec
- 304 if you come after more than 10 seconds.
Whenever I add the Http header 'Vary': 'Accept-Encoding' it stops working, meaning that browser cache does not work any more (I always hit the server). This happens because the Http request stop sending if-modified-since or if-none-match whenever I add the Http header 'Vary'.
Are cache-control and vary compatible working together?
I leave the Http Request and Response in case someone can suggest some solution:
Request Header
accept:*/*
accept-encoding:gzip, deflate, sdch
accept-language:en-US,en;q=0.8
cache-control:max-age=0
cookie:XXXXX
referer:XXXXXXXXX
user-agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36
Response Header
cache-control:max-age=10
content-encoding:gzip
content-type:application/javascript
date:Wed, 13 Apr 2016 12:34:57 GMT
etag:W/"XXXXXXXXXXXXXX"
last-modified:Wed, 13 Apr 2016 12:34:25 GMT
server:nginx/1.9.14
status:200
vary:Accept-Encoding
x-powered-by:Express
In Express I have this configuration to set response headers for static files:
var setHeaders = function(res, path)
{
res.setHeader('Cache-Control', 'max-age=10');
res.vary('Accept-Encoding');
};
app.use('/static', express.static('./app/static', {setHeaders: setHeaders}));
I had a self certificate issue. It seems that it was causing the issue. Without the header vary everything seems to be working properly even if the certificate was not installed. Despite of that, when using the vary header issues were showing up for the cache.
Installing the self certificate made it work.
Solution came from: Why browser does not send "If-None-Match" header?
Can PHP/or other server side software tell who sent an ajax get request, things like the user agent or ip geo location if nothing like that is sent in the ajax? I mean, can server technology detect that I have sent using say firefox and that i am in italy without needing me to have sent that info from the client side, or does it need to get that info from being fed through the ajax?
$.get(
'request',
{
foo : 'no user info here',
action : 'click'
});
Would the above request also transmit my ip (or anything other than foo or action) in the headers? When I inspect the headers of a request to say google images in the console > Network > Headers
I see from what I can tell the header sent to me for an image (when I make the request in ajax would something simular be sent to the server)...
Remote Address:173.194.40.31:443
Request URL:https://www.google.it/search?q=cat&safe=off&espv=2&biw=1280&bih=439&source=lnms&tbm=isch&sa=X&ei=hTLiVMS1KtbtavaugqAB&ved=0CAYQ_AUoAQ&dpr=1
Request Method:GET
Status Code:200 OK
Request Headers
:authority:www.google.it
:method:GET
:path:/search?q=cat&safe=off&espv=2&biw=1280&bih=439&source=lnms&tbm=isch&sa=X&ei=hTLiVMS1KtbtavaugqAB&ved=0CAYQ_AUoAQ&dpr=1
:scheme:https
accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
accept-encoding:gzip, deflate, sdch
accept-language:it-IT,it;q=0.8,en-US;q=0.6,en;q=0.4
avail-dictionary:e9KXljul
cookie:SID=DQAAABABAAB_FyDDYGPkx5neGQPWarf87-orPHLggOvof1m7ANKPwpxKRc0LBxJpvQqWpvF6_qk2G8rfG-ZIeNkXG6zGES07ZQpIKOxZNfNO_yX4o2VJaK2mWLUtR6alp6ANCVsJhhM9qe5CxTiS5iMsV0ehKtUQyhUe4qgV4ysI-0yNczd-Vf6i2ZwQpjXqP7OkepVDCdxowaWiGTN5oH8gazhEirTkwJHNeXvANPpdnH9agrh807WvnINDfHMabvNMX86yrhDztgJV8Gt93tMKz2mQIrt4U6kkWpVSJRNICz1l-mlqpAroR-0Gh1hkSSQjTljduf0Gw0brc5ghRzZjnUgRx8-R-Utw2a7jtFZZZ8r04sn9mA; HSID=AiyA-7nS0qOcJPXs4; SSID=AOqRsDMDbkeyP70To; APISID=G4pCmX4uO0A42AlZ/Aw1eRZuRDgbTcsS9u; SAPISID=Fyq-DT3qTKlXX0BV/AFeL6M-cBLSA80AMA; NID=67=qSXRNvV7cf8TvEKdQ-hXpivK8o5iB68hmamjpPgcab9LaF2gi8YcLEZ3a0CkZE_YtRA1-xEbcBy6OF5kQQWvsKkh7wfly_zGcT007kA3rtTybNZxAWyc3ZgQw5h5ZcKYB8uh4rMMkqmloRbVJqsGtLni46mjevXs8xQ6qELItYJzwEkuocVE8ZS3nGIkduBPwOnktmEjTQ; PREF=ID=da3065f670165ae8:U=d4b51905e77a1373:FF=4:LD=en:TM=1420582780:LM=1424110248:SG=1:S=_-WZG1_sLNN6wYUA
referer:https://www.google.it/
user-agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.94 Safari/537.36
I see that the remote address is an ip but the remote url is not. What confuses me is the user agent is sent back to me or is the above what got sent to the server with my request?