Load testing with Gatling on an Angular app, receiving a CORS error.

Hi,

I am a newbie with Gatling, and I am examining if we can use it in our environment.

I have an app that works and it uses AngularFire in Angular 7.0. AngularFire is used to connect to Google's Firebase.
If I use the self-signed certificate option in the Gatling recorder GUI, then it does not work; I get this error.

ERROR:

Cross-Origin-request blocked: The Same Origin Policy: no read on the external source https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key= is not allowed. (Reason: CORS-request failed)

But in my application it works fine.
So if Gatling is the man in the middle, there must be something maybe configured in Gatling so the response origin header is passed back to the app.
I have tried the default config, and used the self-signed option with the Gatling recorder listening on port 8000 but also on port 443. I also see the recorder generating output, so that's OK.

But if I log in to my app and then the connection to Firebase is made, then it gives the error.

I use SDK version 3.0.3 from Gatling.

Any idea how to fix this?

Kind regards
Ben

Hi,

Do you set Origin header properly?
If so, please provide a reproducer we can run on our side so we can debug and investigate.

Cheers,

Thanks for coming back to me.

What do you mean by the origin header being set properly?

Yes, I will work on a reproducer

Thanks

I have sent a mail with a reproducer.

The self-signed cert mode requires you to add security exceptions for all the domains you’re visiting.
Browsers only prompt the security warning page for the main HTTP requests, not for Ajax ones.
It’s very likely that your HTTP requests to https://www.googleapis.com and other google domains get blocked.

The best way is to use the CA mode. Or go with HAR.
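
Added example (not part of the original thread, and not Gatling code): one way to see which extra HTTPS origins a recording session touches, since those are the ones whose certificates the browser must trust when a proxy sits in between. It reads a HAR export; the sample HAR, the `example.test` hosts and the function names are constructed, and a response status of 0 is assumed to mean the browser received no HTTP response.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample HAR (not captured from a real session).
SAMPLE_HAR = json.loads("""
{"log": {"entries": [
 {"request": {"method": "GET", "url": "https://app.example.test/"},
  "response": {"status": 200}},
 {"request": {"method": "GET", "url": "https://app.example.test/main.js"},
  "response": {"status": 200}},
 {"request": {"method": "GET", "url": "https://cdn.example.test/lib.js"},
  "response": {"status": 200}},
 {"request": {"method": "OPTIONS", "url": "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key="},
  "response": {"status": 0}},
 {"request": {"method": "POST", "url": "https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key="},
  "response": {"status": 0}}
]}}
""")

def origin(url):
    """Return scheme://host[:port] of a URL, lower-cased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def origins_needing_trust(har, page_url):
    """Summarise HTTPS origins other than the page's own origin.

    Returns {origin: {"requests": n, "failed": m}}. "failed" counts entries
    whose response status is 0 (assumption: no HTTP response was received,
    e.g. the TLS handshake with the proxy's certificate was rejected).
    """
    page = origin(page_url)
    summary = defaultdict(lambda: {"requests": 0, "failed": 0})
    for entry in har["log"]["entries"]:
        o = origin(entry["request"]["url"])
        if o == page or not o.startswith("https://"):
            continue  # same origin as the page, or not TLS at all
        summary[o]["requests"] += 1
        if entry.get("response", {}).get("status", 0) == 0:
            summary[o]["failed"] += 1
    return dict(summary)

if __name__ == "__main__":
    result = origins_needing_trust(SAMPLE_HAR, "https://app.example.test/")
    for o, s in sorted(result.items()):
        print(f"{o}: {s['requests']} request(s), {s['failed']} without a response")
```

Origins listed with failed requests are the candidates for the missing-trust problem described above; with the recorder's CA installed as trusted, they should show normal status codes.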

Hi Stéphane,

Thanks for your response, but if I look at the number of errors in the logs of Gatling, I quit with Gatling for the moment.
We have a license for Rational Performance Tester (RPT) from IBM which expires within half a year.
RPT does not have a problem with Single page applications with HTTPS calls. So in my opinion Gatling has some work to do.

So maybe later I try it again, because RPT is very expensive.
Thanks
Kind regards
Ben

If RPT has the same proxy mode and doesn’t have any issue with certified certificates, it can only mean that you’ve already installed the same kind of certificate authority as for Gatling’s proxy. There’s no other way for a proxy.
The other solutions would be:

  • a browser plugin (that we don’t have atm)
  • converting HAR (that we have).

With the recommended Certificate Authority mode, I had no issue validating the login form.
Your application was failing on the next page, just like it did with Gatling’s proxy recorder.

Hi,

I finally have it working with both the HAR file and the CA file. No more CORS exceptions. I can advise that the HAR file approach is the easiest for anybody who tries to use Gatling with a single-page application like Angular.

Stéphane was right: the problem is not the tool but the settings for the CA configuration.
Thanks

KR
Ben