Unauthorized CSRF validation failed in jMeter testing

Posted by 扶醉桌前 on 2019-12-11 09:36:49

Question


I'm new to JMeter testing. I want to test the field update on the UI. So when I run my test, I'm getting the CSRF validation error. How can I resolve this? My test plan looks as follows,

And the sampler result is as follows,

Thread Name: Thread Group 1-1
Sample Start: 2014-11-18 23:37:49 IST
Load time: 688
Latency: 688
Size in bytes: 483
Headers size in bytes: 457
Body size in bytes: 26
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized : CSRF validation failed

Response headers:
HTTP/1.1 401 Unauthorized : CSRF validation failed
Date: Tue, 18 Nov 2014 18:08:07 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.5
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 18 Nov 2014 18:08:07 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1416334087"
Vary: Accept
Content-Length: 26
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json

Why do we get the CSRF validation error and how do we resolve it?


Answer 1:


CSRF stands for Cross-site request forgery and you're getting CSRF Validation error due to missing mandatory dynamic request parameter, usually a Cookie or a Header.

I would suggest executing your scenario in e.g. Firefox with the HttpFox or FireBug extension enabled and inspecting the request details. The CSRF token usually comes as a cookie in the server's response and needs to be passed as a header or request parameter. So it is similar to the usual correlation. The flow should look as follows:

  1. First HTTP Request: open first page
  2. Extract CSRF token from response via one of the following Post Processors
    • Regular Expression Extractor
    • XPath Extractor
    • CSS/JQuery Extractor
  3. Second HTTP Request: open second page (CSRF-protected). Add the token extracted in step 2 to one of the following:
    • HTTP Request Parameter
    • HTTP Header Manager
    • HTTP Cookie Manager

Depending on where your server expects the token to live.
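As an added illustration of the correlation flow described in the answer (this is example code, not part of the original answer and not JMeter itself), the following Python models the three steps: a first response carrying a session cookie and a CSRF token, an extractor using the same regex you would paste into a Regular Expression Extractor, and a second request that carries the token in a parameter, a header or a cookie. A small server-side check at the end shows why the request fails with "401 Unauthorized : CSRF validation failed" when the token is missing. The response body, the cookie name `SESSdemo`, the field name `form_token` and the header name `X-CSRF-Token` are all constructed assumptions; use whatever your own application actually emits.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample "first page" response (not taken from the question):
# a session cookie in the headers and a CSRF token in a hidden form field.
FIRST_RESPONSE_HEADERS = {
    "Set-Cookie": "SESSdemo=abc123; Path=/; HttpOnly",
}
FIRST_RESPONSE_BODY = """<form method="post" action="/item/1/edit">
  <input type="hidden" name="form_token" value="tok-9f8e7d6c" />
  <input type="text" name="title" value="old title" />
</form>"""

# The same pattern you would put into JMeter's Regular Expression Extractor
# (Reference Name: csrf, Template: $1$, Match No.: 1). Field name is assumed.
CSRF_REGEX = r'name="form_token" value="([^"]+)"'


def extract_csrf_token(body: str, pattern: str = CSRF_REGEX) -> str:
    """Step 2: pull the token out of the first response body."""
    match = re.search(pattern, body)
    if not match:
        # Equivalent to an empty JMeter variable: the second request will 401.
        raise ValueError("CSRF token not found; check the extractor regex")
    return match.group(1)


def extract_cookies(headers: dict) -> dict:
    """What an HTTP Cookie Manager does: remember Set-Cookie from step 1."""
    jar = SimpleCookie()
    jar.load(headers.get("Set-Cookie", ""))
    return {name: morsel.value for name, morsel in jar.items()}


def build_second_request(token: str, cookies: dict, where: str = "param") -> dict:
    """Step 3: build the CSRF-protected request with the token where the
    server expects it: 'param', 'header' or 'cookie'."""
    request = {
        "method": "POST",
        "path": "/item/1/edit",
        "headers": {"Cookie": "; ".join(f"{k}={v}" for k, v in cookies.items())},
        "params": {"title": "new title"},
    }
    if where == "param":          # HTTP Request parameter
        request["params"]["form_token"] = token
    elif where == "header":       # HTTP Header Manager (header name assumed)
        request["headers"]["X-CSRF-Token"] = token
    elif where == "cookie":       # HTTP Cookie Manager (cookie name assumed)
        request["headers"]["Cookie"] += f"; csrftoken={token}"
    else:
        raise ValueError(f"unknown token location: {where}")
    return request


def server_check(request: dict, expected_token: str) -> tuple:
    """Toy model of the server-side check that produced the 401 in the question:
    the token must be present (here, as a form parameter) and match the session."""
    sent = request["params"].get("form_token")
    if sent != expected_token:
        return 401, "Unauthorized : CSRF validation failed"
    return 200, "OK"


def run_scenario(include_token: bool = True) -> tuple:
    """Whole flow; with include_token=False it reproduces the failing test plan."""
    token = extract_csrf_token(FIRST_RESPONSE_BODY)
    cookies = extract_cookies(FIRST_RESPONSE_HEADERS)
    request = build_second_request(token if include_token else "", cookies)
    return server_check(request, token)


if __name__ == "__main__":
    print("without correlation:", run_scenario(include_token=False))
    print("with correlation:   ", run_scenario(include_token=True))
```

In JMeter terms, `extract_csrf_token` is the Post Processor attached to the first HTTP Request, `extract_cookies` is the HTTP Cookie Manager, and `build_second_request` is the second HTTP Request with `${csrf}` placed in a parameter, a Header Manager entry or a Cookie Manager entry. The `run_scenario(include_token=False)` path is the situation in the question: the cookie is sent, but the token is not, so the server answers 401.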

For the future, looking at your "localhost" server name - don't run JMeter performance tests on the same machine where application lives.



Source: https://stackoverflow.com/questions/27001134/unauthorized-csrf-validation-failed-in-jmeter-testing
