Forum Discussion

CEXtakkaya's avatar
CEXtakkaya
New Contributor
9 years ago

Verify Scenario With Warnings

After creating a scenario I ran "Verify Scenario" which had 16 requests with the same warning. The recorded status code was 200 so that's what it expected from the simulation apparently, but I received 403 for all of them. Why would this change from the recorded response? It seems the simulation completed fine otherwise and ran the entire recorded duration.

 

Thanks

  • WesleyG's avatar
    WesleyG
    Occasional Contributor

    403 = access forbidden

     

    The only thing I can really think of is that you are trying to view a page that you need to be logged in to view. If that's the case, you need to record the test again, but before going to those pages you need to sign in (while you are recording).

     

    Another thing that stuck out to me that I'm not too sure about is in the simulated response body where it says "CSRF Attempt. Token." CSRF stands for Cross-site request forgery. If you search for more information on that, you might be able to figure out why the request is failing.

    • CEXtakkaya's avatar
      CEXtakkaya
      New Contributor

      I started my recordings with a login, so I'm not sure why I still get this forbidden status code. 

       

      Thanks

      • WesleyG's avatar
        WesleyG
        Occasional Contributor

        I did some more research on CSRF and it seems like there is some kind of token that you need to retrieve from one of the responses, then relay that token in the requests. 

         

        What you can do is record your test a few times, and look at which parameter in the requests is different (that will be your token). Then you can use Data Selectors and Data Replacers to get the token and put it where it needs to be.