Authorization header missing #83

Open
nfelger opened this issue May 22, 2022 · 2 comments
Labels
Type: enhancement New feature or request.


nfelger commented May 22, 2022

Hi, I'm trying to generate a har file for a site that is protected by HTTP Basic Auth. However, the HAR file that is generated lacks the Authorization header, so when I replay it, I get a 401 error.

My Cypress test file:

describe("static pages", () => {
  before(() => {
    // start recording
    cy.recordHar({
      content: false,
      includeHosts: [ '.*.my.domain']
    });
  });

  after(() => {
    cy.saveHar();
  });

  it("Home page", () => {
    cy.visit("/");
  });
});

I run it using:

npx cypress run --config baseUrl=https://username:[email protected] --browser chrome

The result I get looks like this:

{
  "log": {
    "version": "1.2",
    "pages": [],
    "creator": {
      "name": "@neuralegion/cypress-har-generator",
      "version": "5.3.0",
      "comment": "https://github.com/NeuraLegion/cypress-har-generator#readme"
    },
    "entries": [
      {
        "startedDateTime": "2022-05-22T19:12:29.519Z",
        "time": 32.239000021945685,
        "request": {
          "method": "GET",
          "url": "https://my.domain/",
          "httpVersion": "http/1.1",
          "headers": [
            {
              "name": "Accept",
              "value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
            },
            {
              "name": "Accept-Encoding",
              "value": "gzip, deflate, br"
            },
            {
              "name": "Accept-Language",
              "value": "en-US"
            },
            {
              "name": "Cache-Control",
              "value": "no-cache"
            },
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Cookie",
              "value": "__cypress.initial=true"
            },
            {
              "name": "Host",
              "value": "my.domain"
            },
            {
              "name": "Pragma",
              "value": "no-cache"
            },
            {
              "name": "Referer",
              "value": "https://my.domain/__/"
            },
            {
              "name": "Sec-Fetch-Dest",
              "value": "iframe"
            },
            {
              "name": "Sec-Fetch-Mode",
              "value": "navigate"
            },
            {
              "name": "Sec-Fetch-Site",
              "value": "same-origin"
            },
            {
              "name": "Upgrade-Insecure-Requests",
              "value": "1"
            },
            {
              "name": "User-Agent",
              "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/101.0.4951.64 Safari/537.36"
            }
          ],
          "queryString": [],
          "cookies": [
            {
              "name": "__cypress.initial",
              "value": "true",
              "httpOnly": false,
              "secure": false
            }
          ],
          "headersSize": 0,
          "bodySize": 0
        },
        "response": {
          "status": 200,
          "statusText": "OK",
          "httpVersion": "HTTP/1.1",
          "headers": [
            {
              "name": "Connection",
              "value": "keep-alive"
            },
            {
              "name": "Content-Encoding",
              "value": "gzip"
            },
            {
              "name": "Keep-Alive",
              "value": "timeout=5"
            },
            {
              "name": "Set-Cookie",
              "value": "__Host-session=eyJjc3JmIjoiMGZlYzUzOGUtNjRhMS00YjI1LWIzMjktYWZhNjIwZGNiYjAxIn0%3D.6L95Y8yu0sO2OOqstlVG5%2F6AAE9YxV8BzlUZK1WvxnY; Path=/; HttpOnly; Secure; SameSite=Strict"
            },
            {
              "name": "Set-Cookie",
              "value": "__cypress.initial=; Domain=my.domain; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT"
            },
            {
              "name": "Transfer-Encoding",
              "value": "chunked"
            },
            {
              "name": "Vary",
              "value": "Accept-Encoding, Accept-Encoding"
            },
            {
              "name": "cache-control",
              "value": "no-cache, no-store, must-revalidate"
            },
            {
              "name": "content-type",
              "value": "text/html; charset=utf-8"
            },
            {
              "name": "cross-origin-embedder-policy",
              "value": "require-corp"
            },
            {
              "name": "cross-origin-opener-policy",
              "value": "same-origin"
            },
            {
              "name": "cross-origin-resource-policy",
              "value": "same-origin"
            },
            {
              "name": "date",
              "value": "Sun, 22 May 2022 19:12:29 GMT"
            },
            {
              "name": "expect-ct",
              "value": "max-age=0"
            },
            {
              "name": "origin-agent-cluster",
              "value": "?1"
            },
            {
              "name": "permissions-policy",
              "value": "clipboard-write=(self)"
            },
            {
              "name": "referrer-policy",
              "value": "same-origin"
            },
            {
              "name": "strict-transport-security",
              "value": "max-age=15724800; includeSubDomains"
            },
            {
              "name": "x-content-type-options",
              "value": "nosniff"
            },
            {
              "name": "x-dns-prefetch-control",
              "value": "off"
            },
            {
              "name": "x-download-options",
              "value": "noopen"
            },
            {
              "name": "x-permitted-cross-domain-policies",
              "value": "none"
            },
            {
              "name": "x-xss-protection",
              "value": "0"
            }
          ],
          "cookies": [],
          "content": {
            "size": 35666,
            "mimeType": "text/html",
            "compression": 29387
          },
          "redirectURL": "",
          "headersSize": 1033,
          "bodySize": 6279,
          "_transferSize": 7312
        },
        "cache": {},
        "timings": {
          "blocked": 1.0409999936446548,
          "dns": -1,
          "ssl": -1,
          "connect": -1,
          "send": 0.05300000000000005,
          "wait": 30.459999992854893,
          "receive": 0.6850000354461372
        },
        "serverIPAddress": "127.0.0.1",
        "_priority": "VeryHigh",
        "_resourceType": "Document",
        "_webSocketMessages": [],
        "connection": "23"
      }
    ]
  }
}

As you can see: no Authorization header. I had a look at the cypress-har-generator but couldn't find any header stripping. Any ideas what might be going on here?

@derevnjuk
Member

@nfelger please provide a reproducible repository if it is possible

@derevnjuk derevnjuk added the Type: bug Something isn't working label Nov 9, 2022
@derevnjuk derevnjuk self-assigned this Nov 9, 2022
@derevnjuk derevnjuk added Type: question Further information is requested and removed Type: bug Something isn't working labels Jan 17, 2023
@derevnjuk
Member

@nfelger seems Cypress automatically sends this header via some kind of proxy, outside of the browser. That is why you are not able to see this header either in the devtools or the resulting HAR.

Perhaps, it can be solved by #59 intercepting the requests made by cy.request (similar to #48):

cy.intercept('/', (req: CyHttpMessages.IncomingHttpRequest) => {
  console.log('authorization' in req.headers);
});
cy.visit('/', {
  auth: { username: 'wile', password: 'coyote' }
});
