grafana/k6

`Response.AllHeaders()` does not include security-related headers

Open

#4,291 创建于 2023年7月12日

在 GitHub 查看
 (3 评论) (2 反应) (1 负责人)Go (30,564 star) (1,537 fork)batch import
area: browserbrowser: playwrightenhancementgood first issuehacktoberfest

描述

Brief summary

Currently the k6 HTTP Response implementation contains the headers returned in the Network.responseReceived CDP event. These headers are the ones that should be returned for example when calling the Response.Headers() method. Instead, the Response.AllHeaders() method should also include the security-related headers (e.g.: cookie headers) which can be parsed through the Network.responseReceivedExtraInfo CDP event that contains all raw headers.

xk6-browser version

v0.10.0

OS

Ubuntu 20.04.5 LTS

Chrome version

113.0.5672.126 (Official Build) (64-bit)

Docker version and image (if applicable)

No response

Steps to reproduce the problem

Run the following script:

import { check } from 'k6';
import { chromium } from 'k6/experimental/browser';

export const options = {
  scenarios: {
    ui: {
      executor: 'shared-iterations',
      options: {
        browser: {
            type: 'chromium',
        },
      },
    },
  },
  thresholds: {
    checks: ["rate==1.0"]
  }
}

export default async function() {
  const browser = chromium.launch();
  const context = browser.newContext();
  const page = context.newPage();

  try {
    // Goto front page, find login link and click it
    await page.goto('https://test.k6.io/', { waitUntil: 'networkidle' });
    await Promise.all([
      page.waitForNavigation(),
      page.locator('a[href="/my_messages.php"]').click(),
    ]);

    // Enter login credentials and login
    page.locator('input[name="login"]').type('admin');
    page.locator('input[name="password"]').type('123');
    // We expect the form submission to trigger a navigation, so to prevent a
    // race condition, setup a waiter concurrently while waiting for the click
    // to resolve.
    await Promise.all([
      page.waitForNavigation(),
      page.locator('input[type="submit"]').click(),
    ]).then(function(res) {
      console.log("headers: " + JSON.stringify(res[0].allHeaders()));
    });
    check(page, {
      'header': page.locator('h2').textContent() == 'Welcome, admin!',
    });
  } finally {
    page.close();
    browser.close();
  }
}

Expected behaviour

The test output should show the console.log() message with all headers, including also the cookie related headers after the login performed in the page.

Actual behaviour

The test output console.log() message does not include any cookie related header:

INFO[0003] headers: {"connection":"keep-alive","content-type":"text/html; charset=UTF-8","date":"Wed, 12 Jul 2023 09:30:39 GMT","transfer-encoding":"chunked","x-powered-by":"PHP/5.6.40"}  source=console

贡献者指南

技术栈
gojavascript
领域
testing
议题类型
bug
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
3
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
half day
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
blocked
清晰度议题是否清楚说明期望改动、验收标准和下一步。
clear
前置要求
Basic Go knowledgeUnderstanding of CDP protocol
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
30
研究方向
The issue involves the k6 browser module (xk6 browser) which handles Chrome DevTools Protocol (CDP) events. The fix requires adding handling of the `Network.responseReceivedExtraInfo` event to merge its headers into the `Response.AllHeaders()` output. Examine the response handling code in the xk6 browser repository, specifically files related to network event processing. Note that the issue has an assignee, so coordinate with them or wait for their work.