test: add tests for POST requests

Author: gingerbenw

packages/plugin-http-errors/test/http-errors-xhr.test.ts

@@ -211,7 +211,7 @@ describe('plugin-http-errors', () => {
       expect(notifyCallbacks.length).toBe(0)
     })
 
-    it('should redact specified headers and query parameters in XHR URLs', async () => {
+    it('should redact specified query parameters in XHR URLs', async () => {
       const notifyCallbacks: Event[] = []
 
       plugin = createPlugin({
@@ -228,7 +228,6 @@ describe('plugin-http-errors', () => {
       xhr.responseText = 'Forbidden'
 
       xhr.open('GET', 'https://api.example.com/data?userId=42')
-      xhr.setRequestHeader('token', 'super-secret-token')
       xhr.send()
 
       await new Promise(resolve => setTimeout(resolve, 20))
@@ -238,8 +237,6 @@ describe('plugin-http-errors', () => {
 
       // Verify that sensitive query parameters are redacted
       expect(event.request.url).toBe('https://api.example.com/data?userId=[REDACTED]')
-      expect(event.request.params).toEqual({ userId: '[REDACTED]' })
-      expect(event.request.headers?.['token']).toBe('[REDACTED]')
     })
   })
 })

packages/plugin-http-errors/test/http-errors.test.ts

@@ -682,72 +682,4 @@ describe('plugin-http-errors', () => {
       expect(requestMetadata.params).toEqual({})
     })
   })
-
-  describe('redacted keys', () => {
-    it('should redact specified headers in request and response', async () => {
-      const notifyCallbacks: Event[] = []
-
-      plugin = createPlugin({
-        httpErrorCodes: { min: 400, max: 499 }
-      })
-
-      const client = new Client({ apiKey: 'api_key', plugins: [plugin], redactedKeys: ['authorization'] })
-      client._setDelivery(createMockDelivery(notifyCallbacks))
-
-      mockFetch.mockResolvedValue({
-        ok: false,
-        status: 404,
-        url: 'https://example.com/api/users',
-        headers: new Headers({
-          'content-type': 'application/json',
-          authorization: 'Bearer secret-token'
-        }),
-        text: async () => 'Not found'
-      })
-
-      await fetch('https://example.com/api/users', {
-        headers: new Headers({
-          authorization: 'Bearer secret-token'
-        })
-      })
-      await new Promise(resolve => setTimeout(resolve, 10))
-
-      expect(notifyCallbacks.length).toBe(1)
-      const event = notifyCallbacks[0].toJSON()
-      const requestHeaders = event.request.headers
-      const responseHeaders = event.response.headers
-
-      expect(requestHeaders?.authorization).toBe('[REDACTED]')
-      expect(responseHeaders.authorization).toBe('[REDACTED]')
-    })
-
-    it('should redact specified query parameters', async () => {
-      const notifyCallbacks: Event[] = []
-
-      plugin = createPlugin({
-        httpErrorCodes: { min: 400, max: 499 }
-      })
-
-      const client = new Client({ apiKey: 'api_key', plugins: [plugin], redactedKeys: ['token'] })
-      client._setDelivery(createMockDelivery(notifyCallbacks))
-
-      mockFetch.mockResolvedValue({
-        ok: false,
-        status: 404,
-        url: 'https://example.com/api/users?token=secret-token&userId=123',
-        headers: new Headers(),
-        text: async () => 'Not found'
-      })
-
-      await fetch('https://example.com/api/users?token=secret-token&userId=123')
-      await new Promise(resolve => setTimeout(resolve, 10))
-
-      expect(notifyCallbacks.length).toBe(1)
-      const event = notifyCallbacks[0].toJSON()
-      const params = event.request.params
-
-      expect(params.token).toBe('[REDACTED]')
-      expect(params.userId).toBe('123')
-    })
-  })
 })

test/browser/features/fixtures/http_errors/src/app.tsx

@@ -5,22 +5,54 @@ import { apiKey, endpoints, plugins, REFLECT_ENDPOINT } from './lib/config'
 
 Bugsnag.start({ apiKey, endpoints, plugins, redactedKeys: ['X-Token', 'userId'] })
 
+function xhrGet () {
+  const xhr = new XMLHttpRequest()
+  xhr.open('GET', `${REFLECT_ENDPOINT}?status=404&userId=12345`)
+  xhr.setRequestHeader('X-Token', 'super-secret-token')
+  xhr.send()
+}
+
+function xhrPost () {
+  const xhr = new XMLHttpRequest()
+  xhr.open('POST', `${REFLECT_ENDPOINT}?status=403&userId=12345`)
+  xhr.setRequestHeader('X-Token', 'super-secret-token')
+  xhr.send('this is the request body')
+}
+
+function fetchGet () {
+  fetch(`${REFLECT_ENDPOINT}?status=401&userId=12345`, { 
+    headers: { 'x-token': 'super-secret-token' }
+  })
+}
+
+function fetchPost () {
+  fetch(`${REFLECT_ENDPOINT}?status=408&userId=12345`, { 
+    method: 'POST',
+    body: 'this is the request body',
+    headers: { 'x-token': 'super-secret-token' }
+  })
+}
+
 function App () {
   useEffect(() => {
     const params = new URLSearchParams(window.location.search)
-    const type = params.get('request') === 'xhr' ? 'xhr' : 'fetch'
 
-    switch(type) {
+    switch(params.get('request')) {
       case 'xhr':
-        const xhr = new XMLHttpRequest()
-        xhr.open('GET', `${REFLECT_ENDPOINT}?status=404&userId=12345`)
-        xhr.setRequestHeader('X-Token', 'super-secret-token')
-        xhr.send()
+      case 'xhr-get':
+        xhrGet()
+        break
+      case 'xhr-post':
+        xhrPost()
         break
       case 'fetch':
-      default:
-        fetch(`${REFLECT_ENDPOINT}?status=404&userId=12345`, { headers: { 'x-token': 'super-secret-token' }})
+      case 'fetch-get':
+        fetchGet()
+        break
+      case 'fetch-post':
+        fetchPost()
         break
+      default:
     }
 
   }, [])

test/browser/features/http_errors.feature

@@ -4,14 +4,14 @@ Feature: HTTP Errors
   HTTP errors plugin reports network request failures, including those made using fetch, and xml http requests.
 
   @requires_fetch
-  Scenario: Fetch request
+  Scenario: Fetch Request - GET
     When I navigate to the test URL "/http_errors?request=fetch"
     And I wait to receive an error
     Then the error is a valid browser payload for the error reporting API
 
     And I define "expected.context" as "GET <browser.hostname>"
-    And I define "expected.exception.message" as "404: <browser.url>/reflect?status=404&userId=[REDACTED]"
-    And I define "expected.request.url" as "<browser.url>/reflect?status=404&userId=[REDACTED]"
+    And I define "expected.exception.message" as "401: <browser.url>/reflect?status=401&userId=[REDACTED]"
+    And I define "expected.request.url" as "<browser.url>/reflect?status=401&userId=[REDACTED]"
 
     And the exception "errorClass" equals "HTTPError"
     And the error payload field "events.0.exceptions.0.message" equals the stored value "expected.exception.message"
@@ -22,20 +22,52 @@ Feature: HTTP Errors
 
     And the error payload field "events.0.request.url" equals the stored value "expected.request.url"
     And the event "request.httpMethod" equals "GET"
-    And the event "request.params.status" equals "404"
+    And the event "request.params.status" equals "401"
     And the event "request.params.userId" equals "[REDACTED]"
     And the event "request.headers.x-token" equals "[REDACTED]"
-    And the event "request.body" equals ""
-    And the event "request.bodyLength" equals 0
+    And the event "request.body" is null
+    And the event "request.bodyLength" is null
 
-    And the event "response.statusCode" equals 404
+    And the event "response.statusCode" equals 401
     And the event "response.headers.content-length" equals "37"
+    
+    # Response body is not captured for fetch requests
+    And the event "response.body" is null
+    And the event "response.bodyLength" is null
+
+  Scenario: Fetch Request - POST
+    When I navigate to the test URL "/http_errors?request=fetch-post"
+    And I wait to receive an error
+    Then the error is a valid browser payload for the error reporting API
+
+    And I define "expected.context" as "POST <browser.hostname>"
+    And I define "expected.exception.message" as "408: <browser.url>/reflect?status=408&userId=[REDACTED]"
+    And I define "expected.request.url" as "<browser.url>/reflect?status=408&userId=[REDACTED]"
+
+    And the exception "errorClass" equals "HTTPError"
+    And the error payload field "events.0.exceptions.0.message" equals the stored value "expected.exception.message"
+    And the event "severity" equals "error"
+    And the event "unhandled" is true
+    And the event "severityReason.type" equals "httpError"
+    And the error payload field "events.0.context" equals the stored value "expected.context"
+
+    And the error payload field "events.0.request.url" equals the stored value "expected.request.url"
+    And the event "request.httpMethod" equals "POST"
+    And the event "request.params.status" equals "408"
+    And the event "request.params.userId" equals "[REDACTED]"
+    And the event "request.headers.x-token" equals "[REDACTED]"
+    And the event "request.body" equals "this is the request body"
+    And the event "request.bodyLength" equals 24
+
+    And the event "response.statusCode" equals 408
+    And the event "response.headers.content-length" equals "37"
+
     # Response body is not captured for fetch requests
     And the event "response.body" is null
     And the event "response.bodyLength" is null
 
   @requires_xml_http_request
-  Scenario: XML HTTP Request
+  Scenario: XHR - GET
     When I navigate to the test URL "/http_errors?request=xhr"
     And I wait to receive an error
     Then the error is a valid browser payload for the error reporting API
@@ -56,10 +88,40 @@ Feature: HTTP Errors
     And the event "request.headers.X-Token" equals "[REDACTED]"
     And the event "request.params.status" equals "404"
     And the event "request.params.userId" equals "[REDACTED]"
-    And the event "request.body" equals ""
-    And the event "request.bodyLength" equals 0
+    And the event "request.body" is null
+    And the event "request.bodyLength" is null
 
     And the event "response.statusCode" equals 404
     And the event "response.headers.content-length" equals "37"
     And the event "response.body" equals "Returned status 404 after waiting  ms"
-    And the event "response.bodyLength" equals 37
+    And the event "response.bodyLength" equals 37
+
+  @requires_xml_http_request
+  Scenario: XHR - POST
+    When I navigate to the test URL "/http_errors?request=xhr-post"
+    And I wait to receive an error
+    Then the error is a valid browser payload for the error reporting API
+
+    And I define "expected.context" as "POST <browser.hostname>"
+    And I define "expected.exception.message" as "403: <browser.url>/reflect?status=403&userId=[REDACTED]"
+    And I define "expected.request.url" as "<browser.url>/reflect?status=403&userId=[REDACTED]"
+
+    And the exception "errorClass" equals "HTTPError"
+    And the error payload field "events.0.exceptions.0.message" equals the stored value "expected.exception.message"
+    And the event "severity" equals "error"
+    And the event "unhandled" is true
+    And the event "severityReason.type" equals "httpError"
+    And the error payload field "events.0.context" equals the stored value "expected.context"
+
+    And the error payload field "events.0.request.url" equals the stored value "expected.request.url"
+    And the event "request.httpMethod" equals "POST"
+    And the event "request.headers.X-Token" equals "[REDACTED]"
+    And the event "request.params.status" equals "403"
+    And the event "request.params.userId" equals "[REDACTED]"
+    And the event "request.body" equals "this is the request body"
+    And the event "request.bodyLength" equals 24
+
+    And the event "response.statusCode" equals 403
+    And the event "response.headers.content-length" equals "37"
+    And the event "response.body" equals "Returned status 403 after waiting  ms"
+    And the event "response.bodyLength" equals 37