Failed to build request: No attribute named 'csrftoken35' is defined for POST requests

I converted a HAR file to a Gatling simulation Scala script, but I have a problem with extracting the CSRF token from the request header, which needs to be passed to POST requests. Below is a snippet for one of the POST requests.

private val headers_35 = Map(
  		"accept" -> "application/json",
  		"accept-language" -> "en",
  		"maxdataserviceversion" -> "3.0",
  		"pragma" -> "no-cache",
  		"sap-client" -> "100",
  		"sap-language" -> "EN",
  		"sap-passport" -> "2A54482A0300E60000756E64657465726D696E6564202020202020202020202020202020202020202000005341505F4532455F54415F557365722020202020202020202020202020202020756E64657465726D696E65645F737461727475705F302020202020202020202020202020202020200005756E64657465726D696E65642020202020202020202020202020202020202020363437444331324644333543343538324141354645343943363942303945433720202000076E14D0D2F5624FCA848A8158189A78CB0000000000000000000000000000000000000000000000E22A54482A",
  		"sec-ch-ua" -> """Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114""",
  		"sec-ch-ua-mobile" -> "?0",
  		"sec-ch-ua-platform" -> "Windows",
  		"sec-fetch-dest" -> "empty",
  		"sec-fetch-mode" -> "cors",
  		"sec-fetch-site" -> "same-origin",
  		"x-csrf-token" -> "Fetch",
  		"x-requested-with" -> "XMLHttpRequest",
  		"x-xhr-logon" -> """accept="iframe,strict-window,window""""
  )

private val headers_98 = Map(
  		"accept" -> "application/json",
  		"accept-language" -> "en",
  		"content-type" -> "application/json",
  		"dataserviceversion" -> "1.0",
  		"maxdataserviceversion" -> "3.0",
  		"origin" -> "https://myfioripp.sap-finance.xxxx.xxxx.com:44305",
  		"pragma" -> "no-cache",
  		"sap-client" -> "100",
  		"sap-language" -> "EN",
  		"sap-passport" -> "2A54482A0300E60000756E64657465726D696E6564202020202020202020202020202020202020202000005341505F4532455F54415F557365722020202020202020202020202020202020756E64657465726D696E65645F737461727475705F302020202020202020202020202020202020200005756E64657465726D696E65642020202020202020202020202020202020202020464530373332333832443032344339364237353035364533343532433132324520202000076E14D0D2F5624FCA848A8158189A78CB0000000000000000000000000000000000000000000000E22A54482A",
  		"sec-ch-ua" -> """Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114""",
  		"sec-ch-ua-mobile" -> "?0",
  		"sec-ch-ua-platform" -> "Windows",
  		"sec-fetch-dest" -> "empty",
  		"sec-fetch-mode" -> "cors",
  		"sec-fetch-site" -> "same-origin",
  		"x-csrf-token" -> "XBNe5sErfHVqCnzY6Ja8EQ==",
  		"x-requested-with" -> "XMLHttpRequest",
  		"x-xhr-logon" -> """accept="iframe,strict-window,window""""
  )

-- This is the first occurrence of the CSRF token from the request_35 response headers

http("request_35")

.get("/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')?$expand=PersContainerItems&sap-cache-id=A6B728680E9841B14DB70350B30E166F")
 .headers(headers_35)
 .check(header("x-csrf-token").saveAs("csrftoken35"))

-- This is the request where we’re getting the error **> request_98: Failed to build request: No attribute named 'csrftoken35' is defined**.
-- Here I’m overriding the x-csrf-token value with the one extracted from request_35, but I am still getting the above error.

http("request_98")
 .post("/sap/opu/odata/UI2/INTEROP/PersContainers")
 .headers(headers_98)
 .header("x-csrf-token", "${csrftoken35}")
 .body(RawFileBody("data/0098_request.json")).asJson

Please can someone look at this issue and let us know if there is any resolution for this.

Hi @Raj007,

Did you try removing the former header in headers_98?
I guess Gatling is adding the value instead of overriding it.

Note, the up-to-date syntax for Gatling Expression Language is with a # (to avoid confusion with Kotlin/Scala string interpolation syntax):

 .header("x-csrf-token", "#{csrftoken35}")

Cheers!
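One way to wire the advice above into a single scenario, as an added example that is not code from the thread or from the Gatling project. It assumes the Gatling 3.7+ Scala DSL on the classpath; the base URL is a placeholder, and the header maps and query string are trimmed from the recorded ones.

```scala
import io.gatling.core.Predef._
import io.gatling.http.Predef._

class CsrfCorrelationSimulation extends Simulation {

  // Placeholder host (assumption): the real one is masked in the thread.
  private val httpProtocol = http.baseUrl("https://sap.example.invalid:44305")

  // GET that asks the server to issue a token.
  private val fetchHeaders = Map(
    "accept" -> "application/json",
    "x-csrf-token" -> "Fetch",
    "x-requested-with" -> "XMLHttpRequest"
  )

  // POST headers WITHOUT the recorded, hard-coded x-csrf-token entry,
  // so the only value sent is the one correlated at run time.
  private val postHeaders = Map(
    "accept" -> "application/json",
    "content-type" -> "application/json",
    "x-requested-with" -> "XMLHttpRequest"
  )

  private val scn = scenario("csrf correlation")
    .exec(
      http("request_35")
        .get("/sap/opu/odata/UI2/INTEROP/PersContainers(category='P',id='flp.settings.FlpSettings')")
        .headers(fetchHeaders)
        // The attribute is stored in this virtual user's session only if
        // the response really carries the header; otherwise the check fails.
        .check(header("x-csrf-token").saveAs("csrftoken35"))
    )
    // Stop this virtual user here when the token was not captured, instead
    // of failing later with "No attribute named 'csrftoken35' is defined".
    .exitHereIfFailed
    .exec(
      http("request_98")
        .post("/sap/opu/odata/UI2/INTEROP/PersContainers")
        .headers(postHeaders)
        .header("x-csrf-token", "#{csrftoken35}")
        .body(RawFileBody("data/0098_request.json")).asJson
    )

  setUp(scn.inject(atOnceUsers(1))).protocols(httpProtocol)
}
```

Both requests run in the same scenario chain, so the POST reads the token from the same virtual user's session that the GET wrote it to.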

Hi Sebastien,

Thanks for the update.

I commented out the old one and added the following to the headers_98 request.
"x-csrf-token" -> "Fetch"

After that, I’ve overridden the csrftoken35 value in the headers_98 request as below at request_98.
http("request_98")
 .post("/sap/opu/odata/UI2/INTEROP/PersContainers")
 .headers(headers_98)
 .header("x-csrf-token", "${csrftoken35}")
 .body(RawFileBody("data/0098_request.json")).asJson

Please confirm that you want me to remove the old attribute ("x-csrf-token" -> "XBNe5sErfHVqCnzY6Ja8EQ==") from the former header and override it with the newly extracted value at request_98.

And please confirm whether we need to use ‘#’ instead of ‘$’ when passing the correlation value, as you mentioned below.
 .header("x-csrf-token", "#{csrftoken35}")

Hi Sebastien,

It works for main exec requests, but it doesn’t override the header values under resource requests. Hence those requests are failing. Please advise how to override the header values, especially for resource requests.

And I’m unable to capture one of the dynamic “secKey” values, which comes from one of the request bodies. Please find below the request’s response body. I need to capture the “secKey” value. I used the regex below, but it captures everything from the right boundary. Please find below the regex which I used in the script.

.check(regex("""&secKey=(.*)",""").saveAs(key = "cr_seckey"))

&expiration=20230613121452**&secKey=MIIBUgYJKoZIhvcNAQcCoIIBQzCCAT8CAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHATGCAR4wggEaAgEBMHAwZDELMAkGA1UEBhMCREUxHDAaBgNVBAoTE1NBUCBUcnVzdCBDb21tdW5pdHkxEzARBgNVBAsTClNBUCBXZWIgQVMxFDASBgNVBAsTC0kwMDIxMTEyMzMyMQwwCgYDVQQDEwNWSDMCCAogIgkEBTIBMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzA2MTMxMDE0NTJaMCMGCSqGSIb3DQEJBDEWBBTw1kdZBaDWutf7vCZgaisRY8qGbTAJBgcqhkjOOAQDBC4wLAIUHtvaLOEAivZq9FvfD%2BXCQKX0RQYCFE4epVe9BYaiDy625Ew%2FDERoWvNY"**,“8”:{“SID”:“wnd[1]/shellcont/shell/shellcont[1]/shell”,“Type”:“GuiHtmlViewer”}}’ name=“itshtmlvwrfnC178” forwardDragDropEvents=“false” src=“about:blank” border=“no” frameborder=“0” scrolling=“auto” class=“lsIFrame lsControl–fullwidth urHtmlContainerBrd lsControl–fullheight”>

Please advise how to capture this exact “secKey” dynamic value.

Try reading the Java regex documentation and using an online evaluator.
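The greedy-match behaviour described in the question, shown with plain `java.util.regex` (the engine the reply points to), as an added example that is not part of the original posts. The response fragment is constructed to mirror the one posted, with a short placeholder in place of the real secKey; the object and helper names are hypothetical.

```scala
import java.util.regex.Pattern

object SecKeyRegexDemo {
  // Constructed sample shaped like the posted response; secKey is a placeholder.
  val body: String =
    """&expiration=20230613121452&secKey=PLACEHOLDERKEY%2BAbC%2FdEf","8":{"SID":"wnd[1]/shellcont/shell/shellcont[1]/shell","Type":"GuiHtmlViewer"}}' name="itshtmlvwrfnC178" src="about:blank">"""

  // Hypothetical helper: first capture group of the first match, if any.
  def firstGroup(regex: String, input: String): Option[String] = {
    val m = Pattern.compile(regex).matcher(input)
    if (m.find()) Some(m.group(1)) else None
  }

  // Pattern from the question: greedy (.*) runs to the LAST `",` on the line.
  val greedy = """&secKey=(.*)","""
  // Reluctant quantifier: stops at the FIRST `",` after the value.
  val reluctant = """&secKey=(.*?)","""
  // Negated character class: the value cannot contain a quote or '&',
  // so no right-hand boundary is needed at all.
  val bounded = """&secKey=([^"&]+)"""

  def main(args: Array[String]): Unit = {
    val expected = "PLACEHOLDERKEY%2BAbC%2FdEf"

    // Greedy capture swallows the JSON that follows the key.
    val over = firstGroup(greedy, body).get
    assert(over.endsWith("shellcont[1]/shell"))
    assert(over.length > expected.length)

    // Both bounded forms return only the key, still percent-encoded.
    assert(firstGroup(reluctant, body).contains(expected))
    assert(firstGroup(bounded, body).contains(expected))

    println(s"greedy    -> $over")
    println(s"reluctant -> ${firstGroup(reluctant, body).get}")
    println(s"bounded   -> ${firstGroup(bounded, body).get}")
  }
}
```

Either bounded pattern can be passed to the Gatling `regex(...)` check in place of the greedy one.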
