Hi folks,
yesterday I tried putting together a load test against Alfresco
by simply recording a session.
Alfresco uses a special Header for CSRF protection. Its value
by comes from a Cookie of the same name. We tried inserting that
value into the header, first by simply using
<Header.value>${CSRFToken}</..>
Then via ${COOKIE_Alfresco-CSRFToken}, and finally via
${__urldecode(${COOKIE_Alfresco-CSRFToken})}
neither of those gave us the desired result. If we used a Variable
the value would always be URL-encoded. If we didn't use a variable
then alfresco would complain that we're trying to forge a request,
because the token was already used.
Any advise and how to solve this problem would be greatly appreciated.
Thank you in advance,
-- i
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: [email protected]
URL: http://brainsware.org/
GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
