We are experiencing an issue with running TestCafe where it will consistently stall on an API call. The application outside of TestCafe will consistently run without issue. From what I can trace, it seems to be within the TestCafe Hammerhead proxy request-pipeline.
I can see the request is (pending) but we don't see the request actually reaching the API server logs. There is an auth token in the request and I can see that Hammerhead will manage the auth flow from the header prefix:
~~~TestCafe added this prefix to control the authorization flow~~~
We have other API calls with non-standard auth headers (x-ns-authorization). TestCafe/Hammerhead will not stall on these calls and there is no added prefix. With the request that stalls, we cannot modify the auth header.
These are the versions we're running:
Node 14.20.1
└─┬ testcafe#2.1.0
├── testcafe-hammerhead#28.1.0
Hammerhead becomes a black box (aside from source code) as I don't see a way to debug the proxy. Is there a way to debug the proxy server? Or is it possible to prevent TestCafe from controlling the auth flow?
Also to note: the full tests will run successfully about <10% of the time. So it's a bit random when the tests don't stall.
Related
We are using a token sent as uri parameter to our website. But the website makes an xhr request, testcafe is adding prefix:
:~~~TestCafe added this prefix to control the authorization flow ~~~ TOKEN_XXX
I believe this prefix shouldn't be added to this request
Node JS version : "v16.13.2"
Test Cafe version : "2.2.0"
Platform : Windows 10
Chrome Version 108
TestCafe uses this prefix when exchanging messages between the client and the TestCafe proxy. When sending a request to your application's server, the prefix is removed.
If a request with such a prefix in the header arrives at the server of your application, this behavior is incorrect. In this case, please create an issue in the TestCafe repository on GitHub. Please attach an example to the issue that reproduces the behavior you described.
We are using the AZ CLI GitHub Action azure/CLI (https://github.com/marketplace/actions/azure-cli-action)
The script that this workflow calls makes an HTTP request to an external API. This cURL call fails with the following:
curl: (60) SSL certificate problem: certificate has expired
More details here: curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
However I can confirm that the same request works locally.
The problem workflow step looks like this:
- name: Run script
uses: azure/CLI#1.0.4
with:
azcliversion: 2.0.72
inlineScript: |
$GITHUB_WORKSPACE/github/scripts/script.sh
Why does cURL think that the SSL cert for the external API domain is expired, when I can make the same call to the same API domain successfully on my own machine?
It seems the problem was that the azcliversion points to a version of the AZ CLI that has outdated certificates.
The problem was solved by removing the azcliversion field altogether, as the default version is latest, as specified in the docs for the action:
azcliversion – Optional Example: 2.0.72, Default: latest
So the step now looks like this:
- name: Run script
uses: azure/CLI#1.0.4
with:
inlineScript: |
$GITHUB_WORKSPACE/github/scripts/script.sh
Probably related to this: https://twitter.com/letsencrypt/status/1443621997288767491
Our cross-signed DST Root CA X3 expired today. If you are hitting an error, check out fixes in our community forum. We're seeing higher than normal renewals, so you may experience a slowdown in getting your certificates.
I have an APIM policy using choose that is going down an unexpected logic path.
How Do I Access Active Directory Users/Groups In An Azure APIM Policy?
How do I debug this?
Is there a verbose mode that adds extra info to some logs?
Is it possible to dump the contents of the context or context.User or context.User.Groups to a log file that I can read?
How would I do that and where would the log file be?
Currently you cannot really debug.
You may add <trace source="yourtraceidentifier">#(...your expression to trace goes here...)</trace> policy expressions which you would see
in the developer portal trace
on the URL emitted by the response HTTP header Ocp-Apim-Trace-Location: https://apimstoxnurcnsqhqwudvs35.blob.core.windows.net/apiinspectorcont... when you turn on the HTTP header Ocp-Apim-Trace: true
in the future this trace information should also be emitted to Application Insights telemetry as trace elements
correction August 2021
With the Visual Studio extension for API Management it is possible to debug policies : https://learn.microsoft.com/en-us/azure/api-management/api-management-debug-policies
I am setting up automated deployment pipeline for my website ,as part of it i have to automate Api import using VSTS RM . I have achieved this using custom PS scripts in VSTS tasks. I have used swagger url to import
i.e
Import-AzureRmApiManagementApi –Context $apimContext –SpecificationFormat 'swagger' –SpecificationUrl 'http://mywebapp.com/swagger/docs/v1' –Path 'apis'
To Improve the security we have implemented to redirect the http request https which is secured by client certificate. Here comes the problem.
Now we are not able to use above command to import which is returning 403 forbidden error as API manager don't have option to bypass certificate validation. what can be done to solve this ?
Even i have tried to invoke-webrequest the url with specific cert and to import the API which worked fine in my local machine.
$swaggerurl="https://mywebapp.org/swagger/docs/1"
$cert=New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("xyz.cer")
$test=Invoke-WebRequest -Uri "$swaggerurl" -Certificate $cert
$test.statuscode
Import-AzureRmApiManagementApi –Context $apimContext –SpecificationFormat 'swagger' –SpecificationUrl 'http://mywebapp.com/swagger/docs/v1' –Path 'apis'
But not in VSTS Inline power shell. It is not accepting certificate value and returning 403 forbidden error.
Please let me know how to resolve this ?
Issue :
1.Unable to import to API manager due to https client certificate validation on swagger url.
VSTS inline power shell not accepting certificate parameter details even though i use the right cert. Same case works in local machine. is there any limitation in VSTS inline power shell.
Thanks in advance.
Using Azure PowerShell step/task instead. (Include in Deploy category)
For this to work, API Management service needs to make the WebRequest on your behalf to the url, with a ClientCertificate in the Request.
We currently don't provide that option to call Import-AzureRmApiManagementApi with a Client Certificate.
Only available option is to make WebRequest using Powershell (Invoke-RestMethod), download the swagger to a local file and use the -SpecificationPath parameter in the cmdlet
This issue has been resolved by changing the private agent to run as admin account. Now Everything works as expected :)
Import of API using VSTS private agent
I am trying to enable push notifications on my website using VAPID keys.
When i include the gcm_sender_id and remove the applicationServerKey from the pushManager.subscribe method, it runs fine.
Only when i enable VAPID keys and remove the gcm_sender_id from manifest.json file. i get the foloowing error.
DOMException: Registration failed - push service error
I am using Chrome browser.
I encountered this error in Brave browser. By default, Google Services for push messaging are disabled in Brave. To enable this, open the following URL in brave:
brave://settings/privacy
After this, enable the flag "Use Google services for push messaging":
Source:
https://github.com/firebase/firebase-js-sdk/issues/3195#issuecomment-848036637
The applicationServerKey that i was using in the pushManager.subscribe method was somehow incorrect.
It worked when i regenerated the keys in node using the following module.
const webpush = require('web-push');
const vapidKeys = webpush.generateVAPIDKeys()
In my case,I was trying to run firebase messaging on a flutter web.
My Browser was BRAVE.
It always failed with an exception of firebase fcm registration push servic error.
I followed #Nicodemuz answer, but it didn't solve the issue. I get the same error.
The only solution was setting Google chrome as my executable.
Anyhow the issue is not with firebase or flutter, it's with the brave browser itself.