I'm new to jMeter testing. I want to test the field update on UI. So When I run my test I'm getting the CSRF validation error. How can I resolve this. My test plan looks as,
And the sampler result is as follows,
Thread Name: Thread Group 1-1
Sample Start: 2014-11-18 23:37:49 IST
Load time: 688
Latency: 688
Size in bytes: 483
Headers size in bytes: 457
Body size in bytes: 26
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized : CSRF validation failed
Response headers:
HTTP/1.1 401 Unauthorized : CSRF validation failed
Date: Tue, 18 Nov 2014 18:08:07 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.5
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 18 Nov 2014 18:08:07 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1416334087"
Vary: Accept
Content-Length: 26
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json
Why do we get CSRF validation error and how to resolve it.
CSRF stands for Cross-site request forgery and you're getting CSRF Validation error due to missing mandatory dynamic request parameter, usually a Cookie or a Header.
I would suggest executing your scenario in i.e. Firefox Browser with HttpFox or FireBug extension enabled and inspect request details. CSRF token usually comes as a cookie in server's response and needs to be passed as a header or request parameter. So it is similar to usual correlation. So the flow should look as follows:
Depending on where your server expects the token to live.
For the future, looking at your "localhost" server name - don't run JMeter performance tests on the same machine where application lives.