How to use lighthouse with specific cookie of login details? - cookies

I'm trying to run Lighthouse on my website from the command line.
When Chrome browser opens it comes without any cookies, therefore the desired page isn't loaded and instead I get my login page.
I tried to use the --extra-headers flag with a cookie when running Lighthouse, but I'm not sure this is the right way (and if so, what should go inside the "Cookie" attribute).
Running Lighthouse with:
lighthouse SITE_URL --output json --output-path ./report.json --extra-headers=./headers.json
And the headers.json file is:
{
"Cookie": "Username=my_username; Password:my_password;"
}
Is that the right way to insert a cookie for loading a website?
If so, what is the right syntax for custom cookies?

To view the right syntax for the cookie, I logged in and copied the Session value for logging in.
{
"Cookie": "mySession=SESSION_HASH;"
}
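Added example, not part of the original post: a Node.js sketch that checks a Cookie header string against the `name=value; name2=value2` syntax and builds the JSON for the file passed to `--extra-headers`. The cookie name `mySession` comes from the answer above; the `SESSION_COOKIE` environment variable and the function names are assumptions made for illustration.

```javascript
// Added example (not from the original post): check and build the Cookie
// header value used in headers.json for `lighthouse --extra-headers`.

// RFC 6265: cookie-name is an HTTP token; cookie-value may not contain
// control characters, whitespace, double quote, comma, semicolon or backslash.
const NAME_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const VALUE_RE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

// Return a list of problems found in a Cookie header string (empty = OK).
function lintCookieHeader(header) {
  const problems = [];
  for (const part of header.split(";")) {
    const pair = part.trim();
    if (pair === "") continue; // tolerate a trailing ";"
    const eq = pair.indexOf("=");
    if (eq < 1) {
      problems.push(`"${pair}": expected name=value`);
    } else if (!NAME_RE.test(pair.slice(0, eq))) {
      problems.push(`"${pair}": invalid cookie name`);
    } else if (!VALUE_RE.test(pair.slice(eq + 1))) {
      problems.push(`"${pair}": invalid character in value`);
    }
  }
  return problems;
}

// Serialize {name: value} into "name=value; name2=value2", validating each
// part first so a value cannot smuggle in an extra "; other=cookie" pair.
function buildCookieHeader(cookies) {
  const pairs = Object.entries(cookies).map(([name, value]) => {
    if (!NAME_RE.test(name) || !VALUE_RE.test(value)) {
      throw new Error(`invalid cookie: ${name}`);
    }
    return `${name}=${value}`;
  });
  if (pairs.length === 0) throw new Error("no cookies given");
  return pairs.join("; ");
}

// JSON text for the file passed to --extra-headers.
function headersJson(cookies) {
  return JSON.stringify({ Cookie: buildCookieHeader(cookies) }, null, 2);
}

// Assumption: the session value is supplied via the SESSION_COOKIE environment
// variable so it is not hard-coded; "mySession" is the name used in the answer.
if (process.env.SESSION_COOKIE) {
  console.log(headersJson({ mySession: process.env.SESSION_COOKIE }));
}
```

The generated file holds a live session credential, so keep it out of version control and readable only by the account that runs the audit.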

Related

500 internal server error instead of 302 redirect- JMeter

I'm trying to investigate the issue as I mentioned in the subject.
I log in to the application and am successfully able to land on the home page of my application through my JMeter code.
When I click on the "user details" tab, I should be redirected 2 times.
I am successfully redirected the first time. For the second redirection I'm getting a 500 error code instead of 302 again.
The URL for "User details" is a plain URL; it doesn't come with any need for correlation.
I have a cookie manager with "standard" (I tried all the other options on the cookie manager as well).
I see that the cookie value SameSite=None; also appears in the request body along with other values, only during the replay of my script (I do not see this in the recorded traffic, even if I cross-verify using Fiddler).
I would like to know if this can be problematic. If so, how can I remove this?
Try playing with the Redirect Automatically and Follow Redirects boxes in the HTTP Request sampler.
If it doesn't help, be aware that you can extract the redirect URL from the Location header using the Regular Expression Extractor.
If you think that the problem is with the cookie, you can enable debug logging for the HTTP Cookie Manager by adding the next line to the log4j2.xml file (it lives in the "bin" folder of your JMeter installation):
<Logger name="org.apache.jmeter.protocol.http.control" level="debug" />
This way you will be able to see what's going on under the hood in the jmeter.log file, as it might be the case that the cookie is broken somehow (expired, wrong path, etc.).

How to use insomnia with django?

Running Django locally and with Firefox, I log in with http://localhost:8000/admin/ and after that I can access http://localhost:8000/myCustomApi successfully.
On Insomnia, every time I log in with http://localhost:8000/admin/ I get {"code": "csrf", "reason": "CSRF cookie not set."} in the response. I tried this but it didn't work. Is there any tutorial on what I should do?
1. Install this plugin: https://insomnia.rest/plugins/insomnia-plugin-default-headers
2. Click on your environment and then on "Manage Environments"
3. In your environment, add a new env var:
{
  "DEFAULT_HEADERS": {
    "X-CSRFToken": "wSYUpsSIkXxjA8wBiojsCU7YgJGYySGFWiDHNoGhEpCWGxoIyNfIvw7hr2Au1a9J"
  }
}
Replace the value with one you can find in your browser.
Now, that was for sending data to forms. If you need to make a request while being logged in, click on Cookies and add a new cookie with the name sessionid and the value that you will find in your browser.
Enjoy
Setting the X-CSRFToken didn't work for me.
So I tried to "copy" the same request in the Insomnia environment.
In my case, what I did was:
Go to your browser and do at least one successful request.
Go to the Network tab and copy the request header with the name Cookie.
Go to Insomnia and set this same header with its values.
Try debugging from Insomnia.
But if something seems different to you, just keep the same core: copy the request environment from the browser to Insomnia.
Remember the server can't see a difference between an Insomnia client and the browser if all the headers are the same.

Postman cookies not set for subdomain (Postman Interceptor, Postman Native App)

I am playing around with Postman to get some insight into how things work behind the curtain and ran into what I believe is an issue, but wanted to ask before I create a new issue on GitHub.
I am intercepting the request from my browser to the same site using the Postman Interceptor to use the request values in the native app. I have cookies enabled and the site (the whole domain) whitelisted.
When I use the history to resend the same request that was captured, I get an auth error that is caused by the fact that the cookies are not included in the request (I found that out by checking the cURL code snippet). I believe the reason for that is that the cookies are set under a different subdomain than the one the request is sent to.
I will try to include some pictures to clarify. My question here is:
Am I missing something/did I set something up in the wrong way,
or is this an issue and I should create an issue on the official Postman GitHub page?
cURL request
Cookies in Postman Native App
You should check whether the cookie is being sent using the console, not the code snippet:
it is indeed sending cookies.

Disable cookies when using the YouTube IFrame Player API script with the youtube-nocookie.com domain

How can you disable cookies set on youtube.com when using the YouTube IFrame Player API with privacy-enhanced mode videos played from the www.youtube-nocookie.com domain?
In the "Turn on privacy-enhanced mode" section in https://support.google.com/youtube/answer/171780?hl=en, it recommends using the www.youtube-nocookie.com domain to:
embed YouTube videos without using cookies that track viewing behavior.
This works well and doesn't set cookies as expected.
However, we use the IFrame Player API (with enablejsapi=1 on the embed params) which does set cookies. We see the following cookies set on the .youtube.com domain:
YSC
VISITOR_INFO1_LIVE
These get set as HTTP cookies from the Iframe Player API script at https://www.youtube.com/iframe_api (open a Chrome incognito window and view that script URL directly and inspect the cookies and you'll see the 2 above cookies set). I'm unsure what these cookies are exactly, but they look suspiciously like tracking cookies.
So, the fact that these are set before a user interacts with the video or takes any consenting action, means we can't use the IFrame Player API whilst still being GDPR compliant when it comes to the EU cookie directive.
So the question is, how can we use the IFrame Player API without it setting cookies?
Note: I've posted this with the tag youtube-iframe-api in the hope that Google will answer this as:
We support the YouTube IFrame API on Stack Overflow. Google engineers monitor and answer questions with the youtube-iframe-api tag.
(from https://developers.google.com/youtube/players/support)
I had a similar issue and decided to try using this script instead. However, so far, it doesn't seem clear from their docs how to achieve this without any cookies. Simply replacing https://www.youtube.com/iframe_api with https://www.youtube-nocookie.com/iframe_api results in a 404 error.
Based on this, I tried the below. This code creates a video player programmatically and sets https://www.youtube-nocookie.com as the host. It does load the video and if you inspect it, you can see that no cookies get created initially; but if you start to play the video, https://www.youtube-nocookie.com sets a cookie called NID. In terms of setting cookies, this is the same result as loading a video via an iframe using www.youtube.com.
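<div id="js-player"></div>
<script src="https://www.youtube.com/player_api"></script>
<script>
  // Called by the player API script once it has finished loading.
  window.onYouTubePlayerAPIReady = function() {
    new YT.Player(document.getElementById("js-player"), {
      height: '315',
      width: '560',
      // Serve the embedded player from the privacy-enhanced domain.
      host: 'https://www.youtube-nocookie.com',
      videoId: 'M7lc1UVf-VE'
    });
  };
</script>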
https://jsfiddle.net/c9Lbksx6/
So it appears that no matter what you do, you will end up with at least 1 cookie when using the YouTube player API with JavaScript controls. Unfortunately, there doesn't seem to be an ideal solution to this at the moment.

Cookie set serverside but not displaying in document.cookie

I'm trying to implement an answer from another question on this site:
Detect when browser receives file download
I've followed all of the steps and everything is working up to the point where I try to retrieve the cookie. When I use Firebug I can see the cookie that I created in the header response, along with a cookie that was created earlier in the app by javascript.
The info in firebug for the two cookies is:
name:earlierCookie,value:1234,Domain:localhost,Path:/,Expires:Session,HttpOnly:false
name:cookiefromServer,value:5678,Domain:localhost,Path:/resource/upload/file,Expires:Session,HttpOnly:false
So, you can see that the cookies are in the same domain (they have different paths). When looking at document.cookie, only earlierCookie is present.
Why can I see cookieFromServer in Firebug and not in document.cookie?
Also, please tell me if I need to post more info.
I figured this out on my own. The problem is the path. Setting the path to / from the server allows the cookie to show up in document.cookie. I have no idea why this is and can't find good resources explaining it.
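Added example, not part of the original posts: the RFC 6265 path-match rule applied to the two cookies from the question, showing why a cookie scoped to /resource/upload/file is absent from document.cookie on a page outside that path. The page URLs are constructed for illustration, and domain matching is simplified to exact host equality.

```javascript
// Added example (not from the original post): RFC 6265 path matching decides
// which cookies a document at a given URL can read through document.cookie.

// RFC 6265 section 5.1.4: a cookie path matches the request path when the two
// are identical, or when the cookie path is a prefix ending at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Path a cookie receives when Set-Cookie carries no Path attribute: the
// "directory" part of the URL that set it.
function defaultPath(requestPath) {
  if (!requestPath.startsWith("/")) return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// What document.cookie returns on pageUrl for the given jar. HttpOnly cookies
// are hidden from script; cookies with longer paths are listed first.
// Assumption: domain matching is reduced to exact host equality.
function documentCookie(pageUrl, jar) {
  const { hostname, pathname } = new URL(pageUrl);
  return jar
    .filter((c) => c.domain === hostname && !c.httpOnly)
    .filter((c) => pathMatches(pathname, c.path))
    .sort((a, b) => b.path.length - a.path.length)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// The two cookies from the question, as shown in Firebug.
const jar = [
  { name: "earlierCookie", value: "1234", domain: "localhost", path: "/", httpOnly: false },
  { name: "cookiefromServer", value: "5678", domain: "localhost", path: "/resource/upload/file", httpOnly: false },
];

// Constructed page URLs: one outside the cookie's path, one inside it.
console.log(documentCookie("http://localhost/app/index.html", jar));
console.log(documentCookie("http://localhost/resource/upload/file/status", jar));
```

Path only scopes which requests and documents receive a cookie; it is not an isolation boundary between applications sharing an origin, so setting Path=/ to make the cookie readable does not remove a protection.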