error "HTTP Status-Code=400 (Bad Request)" while replaying the vugen recorded script

Question

I have recorded script using vugen Load Runner record option but while replaying I am getting error message as HTTP Status-Code=400 (Bad Request). In run time viewer I am getting below message : HTTP Status-Code=400 (Bad Request) Message : POST Request does not contains CSRF protection header Description : The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

I verified the syntax , header is also present in the script. Below is the script part of where error occurred , please help to resolve the problem :

web_add_auto_header("Accept-Language", 
    "en-US");

lr_think_time(20);

web_submit_data("login", 
    "Action=https://Hostname/callosum/v1/session/login", 
    "Method=POST", 
    "RecContentType=application/json", 
    "Referer=https://Hostname/?disableSAMLAutoRedirect=true", 
    "Snapshot=t110.inf", 
    "Mode=HTTP", 
    ITEMDATA, 
    "Name=username", "Value=PERFTESTING", ENDITEM, 
    "Name=password", "Value=PERFTESTING", ENDITEM, 
    "Name=rememberme", "Value=false", ENDITEM, 
    LAST);

web_concurrent_start(NULL);

Did you try sending the CSRF header? Please go over the communication in your browser to check which header is needed. — Buzzy, Feb 04 '19 at 12:13
The snippet does not include any csrf token, that it seems to be required to initialize the session. You may want to call the homepage first, save the token into a parameter and send it with this request as header. — twinge, Feb 07 '19 at 08:48

error "HTTP Status-Code=400 (Bad Request)" while replaying the vugen recorded script

0 Answers0