Chromium DevTools Protocol - deleteCookies - does not want to work - google-chrome-devtools

I'm trying to use Chromium DevTools protocol in CEF, more precisely the "Network.deleteCookies" method: https://chromedevtools.github.io/devtools-protocol/tot/Network/#method-clearBrowserCookies
1. First I upload stackoverflow.com and I log in on it and close the site.
2. Then I upload again stackoverflow.com and I see that I am logged in automatically, that is, Chromium has sent authorization cookies.
3. Now I'm uploading again stackoverflow.com BUT now I want to delete cookies using DevTools protocol, for this before Chromium sends the first request to stackoverflow.com - I'm calling DevTools method "Network.getCookies".
I get all the cookie data that is stored in the cookie cache for stackoverflow.com:
{"cookies":[{"name":"_ym_isad","value":"2","domain":".stackoverflow.com","path":"/","expires":1656592856,"size":9,"httpOnly":false,"secure":true,"session":false,"sameSite":"None","priority":"Medium","sameParty":false,"sourceScheme":"Secure","sourcePort":443},{"name":"_ym_uid","value":"1656511499689981928","domain":".stackoverflow.com","path":"/","expires":1688056856,"size":26,"httpOnly":false,"secure":true,"session":false,"sameSite":"None","priority":"Medium","sameParty":false,"sourceScheme":"Secure","sourcePort":443},...
I won't copy the entire JSON message - it's just that it's big. But I have filtered out all the cookie names:
_ym_isad
_ym_uid
acct
OptanonConsent
_gid
_ym_d
__gpi
__gads
_ga
prov
Next I call DevTools method "Network.deleteCookies" for each cookie name.
The resulting JSON of the "Network.deleteCookies" method calls is as follows:
{"id":13,"method":"Network.deleteCookies","params":{"name":"_ym_isad","url":"https://www.stackoverflow.com"}}
{"id":14,"method":"Network.deleteCookies","params":{"name":"_ym_uid","url":"https://www.stackoverflow.com"}}
{"id":15,"method":"Network.deleteCookies","params":{"name":"acct","url":"https://www.ru.stackoverflow.com"}}
{"id":16,"method":"Network.deleteCookies","params":{"name":"OptanonConsent","url":"https://www.stackoverflow.com"}}
{"id":17,"method":"Network.deleteCookies","params":{"name":"_gid","url":"https://www.stackoverflow.com"}}
{"id":18,"method":"Network.deleteCookies","params":{"name":"_ym_d","url":"https://www.stackoverflow.com"}}
{"id":19,"method":"Network.deleteCookies","params":{"name":"__gpi","url":"https://www.stackoverflow.com"}}
{"id":20,"method":"Network.deleteCookies","params":{"name":"__gads","url":"https://www.stackoverflow.com"}}
{"id":21,"method":"Network.deleteCookies","params":{"name":"_ga","url":"https://www.stackoverflow.com"}}
{"id":22,"method":"Network.deleteCookies","params":{"name":"prov","url":"https://www.stackoverflow.com"}}
4. Next, a message comes from DevTools for each call to "Network.deleteCookies":
{"id":3,"result":{}}
That is, the method completed successfully without errors.
HOWEVER, the cookies have not been deleted, and CEF/Chromium sends these cookies to the server.
What's wrong? Does the DevTools "Network.deleteCookies" method not work?
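
An added example (not from the post, and not CEF or Chromium code): building the Network.deleteCookies requests from the Network.getCookies result with each cookie's own domain and path instead of a hand-typed url, pairing replies with commands by id, and re-reading the store to see which cookies survived. The helper names and sample data are constructed, and whether this changes the behaviour described above is not established on this page.

```javascript
// Constructed sample, shaped like the Network.getCookies result quoted above.
const sampleGetCookies = {
  cookies: [
    { name: "_ym_isad", domain: ".stackoverflow.com", path: "/" },
    { name: "acct", domain: ".stackoverflow.com", path: "/" },
    { name: "prov", domain: ".stackoverflow.com", path: "/" },
  ],
};

// Hypothetical helper: one Network.deleteCookies message per stored cookie.
// "name" is required by the protocol; "domain" and "path" are optional filters,
// copied here from the stored cookie rather than derived from a typed URL.
function buildDeleteCommands(getCookiesResult, firstId) {
  return getCookiesResult.cookies.map((c, i) => ({
    id: firstId + i,
    method: "Network.deleteCookies",
    params: { name: c.name, domain: c.domain, path: c.path },
  }));
}

// Hypothetical helper: ids of commands that have no successful reply.
// Replies are paired with commands by "id"; a reply with an "error" member,
// or no reply carrying that id, counts as unacknowledged.
function unacknowledged(commands, replies) {
  const ok = new Set(replies.filter((r) => r.result && !r.error).map((r) => r.id));
  return commands.map((cmd) => cmd.id).filter((id) => !ok.has(id));
}

// Hypothetical helper: names of targeted cookies still present in a second
// Network.getCookies result. The deleteCookies reply is an empty object and
// does not say how many cookies matched, so the store is re-read to confirm.
function survivingCookies(commands, getCookiesAfter) {
  const key = (c) => `${c.name}|${c.domain}|${c.path}`;
  const targeted = new Set(commands.map((cmd) => key(cmd.params)));
  return getCookiesAfter.cookies.filter((c) => targeted.has(key(c))).map((c) => c.name);
}

const commands = buildDeleteCommands(sampleGetCookies, 13);
console.log(commands.map((c) => JSON.stringify(c)).join("\n"));
```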

Related

JMeter: Redirect after post not sending cookies

I am attempting to Login to my app with JMeter Script.
I have Cookie Manager and a Cache Manager added
My Thread Group script
GET on main login page (/app) to return session id and form fields
and cookie
POST of completed form fields with cookie (/posthandler) with "follow redirects"
What happens is
POST sends initial cookie (from GET) and form fields and logs in ok
the session is established (I see a record in our app database)
the response is a redirect with a new cookie
JMeter redirects (GET) to the session url (/app?session=xxxxx)
this goes with "[no cookies]" (according to request panel)
As that request arrives without the new cookies - the app issues a second redirect back to the login page.
So is there a way to force the GET Redirect after the POST response to send the cookie?
My theory is that, because of the different URI path for the POST and redirect GET, JMeter is not sending the cookie.
I have tried
various Cookie Manager settings (standard, default, compatibility).
followed this Understanding and Using JMeter Cookie Manager and set check.cookies=false.
and advice SO - JMeter: Login flow involving URL redirection not working including making sure there was an init
My problem was self-inflicted!
I was running against a different environment than usual which had a different context root e.g. /test/app rather than /app. For this I amended my ${Domain} User parameter with "my.domain.com/test" rather than adjust all the Path settings.
For requests sent this approach appeared to work as the ${Domain}+${Path} resolved to the correct URL - but the Cookies created by the server were for ${Path} (as in /test/app) and JMeter was seeing this differently (as in /app).
I have now introduced a ${CtxRoot} User variable (set to /test/) and prepended this to all my Path values - and my Login is now working.

Chrome DevTools - how to track network request when URL triggers Save dialog

When the URL entered into the Chrome address bar results in the Save As dialog being popped (Content Type is not recognised), the network request never appears in the network tab in dev tools.
Is there a way I can track this to see the response headers from within Chrome, ie. without resorting to external tools like tcpdump or fiddler?
Yes, it's possible to access the request/response data in a more raw form using the network internals interface provided in Chrome. Navigate to chrome://net-internals/ (can't make it a link)
Click on the 'Events' links to see the recent requests and active sockets. I recommend using the filter at the top to remove some of the noise.
Select the relevant entry corresponding to the source type URL_REQUEST.
On the right hand side, you will see a whole load of data, but the request headers will appear under the HTTP_TRANSACTION_SEND_REQUEST_HEADERS section, and the response headers will appear under the HTTP_TRANSACTION_READ_RESPONSE_HEADERS section.
The following is an example from a simple Node server I set up to return a response with the 'Content-Type': 'application/octet-stream' header. This forces the browser to download.

Chrome doesn't send back cookie

I have a web app. To work it uses two servers:
Application server (based on Delphi datasnap) SERV_A
WebServer apache SERV_W
These are the user steps:
STEP1 Login
The user calls the index page from SERV_W, writes user and password and calls a procedure by HTTP POST to SERV_A. SERV_A responds with a session_id passed by a cookie (the response header has Set-Cookie: sessionid=123456)
STEP2 Get url list
The user calls another SERV_A procedure by HTTP GET to retrieve a list of URLs.
For example, a URL is: http://host_serv_a:port/datasnap/rest/TServerMethods1/getPDF/003
STEP3 Click on a link
The user sees a list of links and clicks on one of those.
Automatically the browser does an HTTP GET to retrieve the resource to SERV_A.
Ok, this is my problem:
On STEP3 SERV_A wants the sessionId, passed in a cookie, but the browser never sends the cookie. Why? My browser (Chrome) doesn't have limitations on managing cookies.
I have found a solution here https://divshot.com/blog/static-apps/cookies-and-cors/ (Web Standards Are Awesome)
To manage cookies correctly server and client have to agree:
Client: set withCredentials option to true in the ajax call
Server: set Access-Control-Allow-Credentials: true header in the response
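
The agreement between client and server described in this answer, as an added example that is not from the post: a server-side helper that emits the credential headers, and a check modelling the browser rule that a credentialed cross-origin response is only exposed when Access-Control-Allow-Origin names the requesting origin exactly (a wildcard is rejected) and Access-Control-Allow-Credentials is true. The origin and the function names are constructed.

```javascript
// Constructed allowlist: the origin that serves the pages (SERV_W in the post).
const ALLOWED_ORIGINS = new Set(["http://serv-w.example"]);

// Server side (SERV_A): CORS headers for a request carrying this Origin header.
function corsHeadersFor(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {}; // unknown origin: no CORS grant
  return {
    "Access-Control-Allow-Origin": origin, // exact origin, never "*"
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // caches must not reuse the reply for another origin
  };
}

// Model of the browser-side check for a request sent with credentials:
// both headers must be present, and the allowed origin must match exactly.
function credentialedResponseExposed(requestOrigin, headers) {
  return (
    headers["Access-Control-Allow-Origin"] === requestOrigin &&
    headers["Access-Control-Allow-Credentials"] === "true"
  );
}

// Client side, for reference (not executed here):
//   fetch(url, { credentials: "include" });   // fetch API
//   xhr.withCredentials = true;               // XMLHttpRequest

const granted = corsHeadersFor("http://serv-w.example");
console.log(credentialedResponseExposed("http://serv-w.example", granted));
```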

Unable to play deezer content from javascript-samples. VALID_TOKEN_REQUIRED

I'm exploring the capabilities of deezer javascript sdk.
All looks fine and working on the developer.deezer.com site but when I'm trying to replicate this on my localhost http server it fails to play any song.
create a deezer app with domain being my local ip.
downloaded the https://github.com/deezer/javascript-samples/tree/master/basic-custom-player
changed the index.html to match the app id and the url to the channel.html (again, using my server local ip)
served the files using node.js and a serve-static
launched chrome (windows, latest) and directed it to the /index.html
login button works
but when I hit the play button nothing is played. The chrome network inspector shows A LOT of requests to get the pageAlbum and all those requests fail with VALID_TOKEN_REQUIRED.
Request url (the actual api_token changes with each request and is different than the one from the login request)
http://www.deezer.com/ajax/gw-light.php?api_version=1.0&api_token=fd120a7ce34fa1e18e4cb75237785b9a&input=3&cid=00568e39151fd6bf1
Request body
[{"method":"deezer.pageAlbum","params":{"alb_id":"2962681","lang":"ro","header":true,"tab":12}}]:
Response
[{"error":{"VALID_TOKEN_REQUIRED":"1"},"results":{}}]
I have also tried:
- get a free domain and try from there, same result
- use the deezer widget from local html files (file:///) and from the local server (http://). same result
What am I missing?
It seems that it has something to do with cookies.
I changed the browser policy to not block third party cookies. And the deezer widget started working. Then I have only allowed third party cookies from [*.]deezer.com and it continued to work. Once I chose to block again all third party cookies, the widget stopped working.

HTTP 302 redirect caching on Opera Mini

I'm developing a site where I am using the common Post/Redirect/Get pattern (https://en.wikipedia.org/wiki/Post/Redirect/Get) when submitting forms. In my particular case this is items for a todo list - so I'm POSTing to say https://example.com/group, processing that request server side adding the new item to a database, and then returning a 302 response (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3) to indicate the browser should redirect (GET) to https://example.com/group which then displays a list of all the todos submitted to the db. This partly works as expected on Opera Mini, but on both Opera Mini on Android (v12) and on the microemulator on Mac OSX (I haven't tested on other versions), the resulting page shows the list of todos without the new item, until I refresh the page manually at which point the list returned does include the new item.
I'm assuming what's happening here is that the page being shown after the redirect is the version which has been cached on Opera's proxy server previous to the POST request. If this is the case, is there a way I can indicate to the proxy server that it should display a fresh version of the page from my server rather than the cached version? I have also tried the more correct 303 status code (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4) but the same thing happens - although the spec says for this:
'The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable'
although I have found no references to how this redirected request can be marked as non-cacheable. Incidentally all other browsers seem not to cache this redirected request at all.
Thanks very much for your help in advance.
Chris.