On the server side, is there any way to distinguish a request coming from an automated script from selenium webdriver vs. a request made by a physical user?
You could have webdriver set a specific cookie during its request, that way you know when you're dealing with a webdriver request.
Depending on the browser you're using or your implementation of the test, you could pass a header to the http request.
If you use chrome, you can build something to use ModifyHeaders extension. I'm sure you can use other similar things in firefox.
Another alternative is to use FiddlerCore in your testing framework and intercept the request and pass the custom header.
There are multiple other alternatives as well. Can you specify a little bit more where do you want to know who's running the test?
Related
I'm trying to create sress test with JMeter and herefor is absolute required to produce mouse onClick-event for some elements. But I cannot find any possibility to produce onClick-event with JMeter.
jMeter doesn't evaluate the HTML or JavaScript that is returned by the webserver, it just captures it.
So, no, you can't do an onClick event with jMeter. What you can do however is extract the url that the onClick event would trigger using the Regular Expression Extractor, and then feed that url to a new HTTP Sampler.
Jmeter is designed to simulate the server traffic (e.g. HTTP) generated by client (e.g. web browser). It does not simulate the entire browser. So no, you cannot produce or simulate the onClick() event, but you probably can simulate the traffic generated by that event.
To do this, you'll need a tool to capture the requests sent to the server when this onClick() event happens. Then you can model those requests in your JMeter script, just like you've modeled other requests.
JMeter is intended to run load (or general connectivity) tests against a back end service like, for example, a web application running on an application server like Tomcat, Weblogic, WebSphere, etc..
If you would like to 'drive' a browser in a test environment, take a look at tools like Selenium
Since you mentioned JMeter, I'm assuming you may want to stick to Java (or the JVM, at least) so you could look at Geb as an alternative to Selenium.
There are many other similar tools, though. Have a look at: http://alternativeto.net/software/selenium
I'm writing a simple HTTP server which should play nicely with most clients, but is only meant to implement a subset of HTTP 1.1.
During development it would be nice to be able to validate that the generated HTTP reponses are HTTP 1.1 compliant. Is there a tool that can do something along those lines?
Thanks /Erik
It's not a complete conformance suite, but RED does check for a number of different HTTP requirements, and finds common problems.
http://redbot.org/
You could just write unit test cases using any http client library. Make GET and POST requests to your webserver, parse the response and make assertions. As you add additional features, add more test cases.
For example, lets say you only support url-encoded POST requests. So, you write a test case which verifies your server understands url-encoded requests and responds appropriately. Tomorrow, when you add support for multi-part support - that would be another test case altogether.
Every programming language under the sun has good support for HTTP, so writing the test case is a no-brainer.
I have a Flex client that loads data from a server to display a chart. This data may change, so the client regularly repeats the request. Since the result may require some work to retrieve, I'm going to have the server detect if the result has changed, and issue a 304 status if it hasn't.
I haven't seen any headers in the Flash Player's requests which would indicate that it's already handling conditional GETs. Also, the HTTPService API doesn't seem to provide anything, either. Does that mean, Flash can't do this, or how can I implement this myself?
With regards to cookies, which aren't supported in Flash, I have heard the suggestion to build my own HTTP client on top of the Socket class. This might solve this issue, too, but frankly, I'm really not keen on doing that.
As an alternative, I could just cache the result page and send it again, but so far, the API tries to utilize semantics that are already built into HTTP, and I'd like to keep it that way.
In my experience Flash has dealt properly with HTTP 304 responses, though I haven't tried to change application behavior based on whether content was new or cached.
You may be able to detect the 304 responses and change your behavior if you use URLLoader instead of HTTPService and listen for the httpStatus event.
Not sure how your cookie question is related. Take a look at CookieUtil for accessing cookies from Flash through Javascript.
Take a look at another SO post:
Is it feasible to create a REST client with Flex?
I believe this will clarify some things for you.
Looking around, I can't name a single web application (not web service) that uses anything besides GET and POST requests. Is there a specific reason for this? Do some browsers (or servers) not support any other types of requests? Or is this only for historical reasons? I'd like to make use of PUT and DELETE requests to make my life a little easier on the server-side, but I'm reluctant to because no one else does.
Actually a fair amount of people use PUT and DELETE, mostly for non-browser APIs. Some examples are the Atom Publishing Protocol and the Google Data APIs:
http://www.ietf.org/rfc/rfc5023.txt
http://code.google.com/apis/gdata/docs/2.0/basics.html
Beyond that, you don't see PUT/DELETE in common usage because most browsers don't support PUT and DELETE through Forms. HTML5 seems to be fixing this:
http://www.w3.org/TR/html5/forms.html#form-submission-0
The way it works for browser applications is: people design RESTful applications with PUT and DELETE in mind, then "tunnel" those requests through POSTs from the browser. For example, see this SO question on how Ruby on Rails accomplishes this using hidden fields:
How can I emulate PUT/DELETE for Rails and GWT?
So, you wouldn't be on your own designing your application with the larger set of HTTP verbs in mind.
EDIT: By the way, if you're curious about why PUT/DELETE are missing from browser based form posts, it turns out there's no real good technical reason. Reading around this thread on the rest-discuss mailing list, especially Roy Fielding's comments, is interesting for some context:
http://tech.groups.yahoo.com/group/rest-discuss/message/9620?threaded=1&var=1&l=1&p=13
EDIT: There are some comments on whether AJAX libraries support all the methods. It does come down to the actual browser implementation of XMLHttpRequest. I thought someone might find this link handy, which tests your browser to see how compliant the HttpRequest object is with various HTTP options.
http://www.mnot.net/javascript/xmlhttprequest/
Unfortunately, I don't know of a reference which collects these results.
Quite simply, the HTML 4.01 form element only allows the values "POST" and "GET" in its method attribute
Some proxy servers with tough security policies might drop them. I'm using PUT and DELETE anyways.
I've read that some browsers do not support other HTTP methods properly, though I can't name any specifics.
Rails, in particular, will pack your forms with a method parameter to explicitly set this even if the browser doesn't support those methods. That seems like a reasonable precaution if you're going to do this.
I say use all the features of HTTP, browsers be damned, lol. Maybe it'll inspire more complete and proper use of the HTTP protocol moving forward. There's more happening on the net than just POSTs and GETs. About time browser implementations reflected this.
This depends on your browser and Ajax library. For example jQuery supports all HTTP methods even though the browser may not. See for example the jQuery "ajax" documentation on the "type" attribute.
The Restlet Java framework lets you tunnel PUT and DELETE requests through HTML POST operations. To do this, you just add method=put or method=delete to your URI's query string, eg:
http://www.example.com/user=xyz?method=delete ...
This is the same as Ruby on Rails' approach (as described by #ars above).
Personally, I really don't see any purpose for using PUT or DELETE in a web application. All operations that an application performs are read or write, aka input output. Why do you need to distinguish the nature of the operation in the header of the HTTP request?
I could make ajax calls with the same url of form /object/object_id
and do multiple operations like delete, update, get the value, or create.
Just by looking at the URL, I have no clue which one it is.
By using GET and POST only, my urls will be:
/object/id/delete
/object/id/create
/object/id/update
/object/id --> implied GET
etc.
Based on my limited experience, this is a lot cleaner than hidden header request types in many cases.
I am not saying one should never use PUT or DELETE, just saying, use them only if absolutely needed.
Refer to "RESTful Web API" by Leonard Richardson to read more about different use cases and conventions regarding HTTP request methods in a RESTful web api.
I need to be able to detect if flash was the originator of a request to an ASP.NET service. The reason being that Flash is unable to process SOAP messages when the response status code is something other than 200. However, I allow exception to bubble up through our SOAP web services and as a result the status code for a SOAP server fault is 500. Before Flash 10 I was able to check the referrer property and if it ended in .SWF I changed the status code to 200 so that our Flex application could process the SOAP messages appropriately. But since the introduction of Flash 10 the referrer is no longer sent. I would like to use the x-flash-version header, but it seems to only be sent when using IE, not FF.
Which brings me to my question: How can I reliably detect if Flash was the originator of a request to a service?
You cannot reliably do this - after all, it could be a proxy, or someone may have snooped your Flash component's traffic to work out how to reuse your API without whatever restrictions the Flash version wouldn't have.
For a basic sanity check to differentiate the output, then you could just as simply add a flag to say "Flash API version please"; But with all HTTP communications, it is relatively trivial to fake whatever is required.
How about http://domain.com/path/to/target?flash=true? If all you are doing is changing the api or returning different errors you don't need a secure detection method.
Edit: Note, this is definitely not "reliable" but do you truly need a reliable detection method or one that merely works? This works, it's just not secure and if you need it to be secure you are doing something wrong because it's impossible to know what client is actually in use.
You can check the user agent (but it could be faked), Flash uses something like "Adobe Flash"
The most secure way (of the easy options presented) is to Regex match the referrer URL which will have .swf in it.
That would be a heck of a lot harder to spoof than a query string/form param of &flash=true. It's certainly hackable using hacker tools that can send false HTTP headers (referrer) but out of the options presented it takes the most effort.