Forum Discussion

klaypigeon's avatar
Occasional Contributor
6 years ago

Extract CSRF/XSRF from response cookie to pass as header

Hi, I am having a hard time locating an answer to this. I keep getting info about passing cookies around. Essentially my authentication response contains a cookie: Set-Cookie: [XSRF-TOKEN="WtY3ztIh...
  • klaypigeon's avatar
    6 years ago

    I have a solution to the problem stated. This is the Groovy that allows me access to the CookieStore. I have it set up now so the X-XSRF-TOKEN header is getting created from the associated cookie value.


    Unfortunately the subsequent request is still failing with a 401. I'm out of ideas and the vendor is unlikely to help me with SoapUI issues since it works fine using Python requests package. I will update if I get it working.


    Make sure you have 'Maintain HTTP Session' checked.

    Create a new Property in your TestCase and assign it an arbitrary value. (mine is XSRF)

    Insert a Groovy script similar

    // Thanks to user Kristoffer for his find

    final httpStatePropertyName = com.eviware.soapui.model.testsuite.TestRunContext.HTTP_STATE_PROPERTY;
    final httpContext = context.getProperty(httpStatePropertyName);
    final cookieStore = httpContext.getAttribute("http.cookie-store");

    // Get cookies from store
    def cookies = cookieStore.getCookies();
    def xsrfToken;
    cookies.each {
    if ( == "XSRF-TOKEN"){
    s = it.value;
    //Strip quotes, tried with and without this
    xsrfToken = s.replace("\"", "");
    //Assign TestCase Property
    testRunner.testCase.setPropertyValue( "XSRF", xsrfToken );

    This value is assigned by creating a Header in my next request and assigning it the property value.

    X-XSRF-TOKEN = ${#TestCase#XSRF}