Can't interact with websites that require CSRF Tokens

[bramroop]

Are you requesting a feature or reporting a bug?

Bug

What is the current behavior?

Interaction is blocked on certain websites that require CSRF Tokens (website warns that cookies need to be enabled before you can submit forms)

What is the expected behavior?

Interactions on such websites should be allowed even through testcafe

How would you reproduce the current behavior (if this is a bug)?

Use testcafe to try to submit a form (eg, try to login to the website below) by executing
testcafe chrome <test_file>

Provide the test code and the tested page URL (if applicable)

Tested page URL: https://mypharmacy.shoppersdrugmart.ca/en/login

Test code

import { Selector } from 'testcafe';

const url = 'https://mypharmacy.shoppersdrugmart.ca/en/login';

fixture `Login`
    .page(url);

test('Login', async t => {

    await t
        .typeText(Selector('[name="email"]'), '[email protected]')
        .typeText(Selector('[name="password"]'), 'password')
        .click(Selector('[value="Continue"]'))

    const pageHeader = await Selector('.notification-bar__text');

    // Obtain the text of the article header
    let headerText = await pageHeader.innerText;
    console.log("Actual header text = " + headerText)

    await t.expect(headerText).eql('The email and/or password you entered are not correct.')
});

Specify your

• operating system: macOS Sierra 10.12.4
• testcafe version: 0.18.5
• node.js version: v7.7.1

[LavrovArtem]

Hi @bramroop,
I've reproduced your problem with TestCafe v0.18.5. The latest version doesn't seem to have such a problem. Could you please update TestCafe to version v0.18.6 and try again?

[bramroop]

Hi @LavrovArtem thanks for your help. Unfortunately I'm still getting the same issue even after upgrading to v0.18.6

$ testcafe --version
0.18.6
$ testcafe chrome testcafe_test.js 
 Running tests in:
 - Chrome 64.0.3282 / Mac OS X 10.12.4

 Login
Actual header text = Please enable cookies to continue.
 ✖ Login

   1) AssertionError: expected 'Please enable cookies to continue.' to deeply equal 'The email and/or password you entered are not correct.'

      Browser: Chrome 64.0.3282 / Mac OS X 10.12.4

         16 |
         17 |    // Obtain the text of the article header
         18 |    let headerText = await pageHeader.innerText;
         19 |    console.log("Actual header text = " + headerText)
         20 |
       > 21 |    await t.expect(headerText).eql('The email and/or password you entered are not correct.')
         22 |});
         23 |

         at <anonymous> (testcafe_test.js:21:32)



 1/1 failed (5s)

Is there any other difference in the way we're running things that you can think of that might be causing the issue?

Thanks again

[AlexanderMoskovkin]

Hi @bramroop,

It's seem I can reproduce the issue on my side. I run it 6 times. It was failed 5 times but it was passed once. We'll investigate with @LavrovArtem why it happens

[LavrovArtem]

I've reproduced the issue and created a separate issue in our proxy server repo.

[AlexanderMoskovkin]

Great! Let's keep this issue opened to track the progress.

[shiveshyadav]

I am facing similar issue for one of our application :
testcafe --version 0.18.6
Chrome 63.0.3239
Windows 7.0.0
We are not able to interact with one web application , it continuously showing loading without error. I have checked proxy and firewall as well for another application on same network it is working fine.

[arobert3434]

Getting maybe a related issue, with both 0.17.2 and 0.18.6. Our client side js has code xhr.setRequestHeader('XSRF-Token', $.cookie("myCookie") in an AJAX prefilter. This works fine from manual user operation, but when testcafe runs, we get XSRF error. I dug a bit and am going to post what I found, even though I don't fully understand it.

We see three requests to the server, the first is NOT intercepted by testcafe, the second one is, and then the third one fails:

1. GET https://example.com/picture/f022
   -> 401
2. GET http://172.20.128.1:52856/BkEbZGfjG/https://example.com/picture/f022
   -> 200
3. http://172.20.128.1:52856/BkEbZGfjG/https://example.com/dosomething
   -> XSRF mismatch

The first 401 is because our "logged in" cookie is not present at all in the browser's session for example.com. Testcafe is not proxying this request for some reason. Then it seems to "notice" this and it sends the second request. I would expect the third request to succeed, since both it and the immediately preceding request were correctly proxied, but somehow our client Javascript is no longer accessing the latest cookie.

I don't fully understand why, but in any case I'd bet that if testcafe did not allow request 1 through, the problem would not happen. Maybe someone more familiar with how testcafe does request interception could comment?

[LavrovArtem]

Hi @SolaTest,
I'd like you to have a look at forum thread by link below.

https://testcafe-discuss.devexpress.com/t/testcafe-not-always-catching-requests-from-browser/818/3?u=lavrovartem

[vigneshwar-v]

Anything on this??

[arobert3434]

@LavrovArtem All right, that post says image requests are not proxied. That's unfortunate in our case, as we serve some of our images behind authentication, and have not implemented a separate CSRF pathway for those. We can work around it, but it would be better if there were at least an option to just let image requests go through the same pathway. Is there a ticket for this? Or were there actually measured performance issues with that approach?

[LavrovArtem]

Hi @SolaTest
At this point, you cannot turn off this behavior. This feature will be available after we implement the #1341 issue. You can track the issue to stay informed. Now it is in the pull request stage but soon you will be able to try it in a pre-release build.

[miherlosev]

@bramroop @vigneshwar-v @shiveshyadav @SolaTest

The cause of the problem is described in DevExpress/testcafe-hammerhead#1486. Track it to stay informed about our progress.

[AndreyBelym]

Hi @bramroop @SolaTest @shiveshyadav, thanks for sharing your problems. I close this because it's duplicated by DevExpress/testcafe-hammerhead#1486. You can use DevExpress/testcafe-hammerhead#1486 to track the progress in resolving this issue, and I will inform you when a fix is available on NPM.

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs or feature requests. For TestCafe API, usage and configuration inquiries, we recommend asking them on StackOverflow.