Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replay attack prevention bypass in response headers #912

Open
josephtate opened this issue Feb 12, 2025 · 1 comment
Open

Replay attack prevention bypass in response headers #912

josephtate opened this issue Feb 12, 2025 · 1 comment

Comments

@josephtate
Copy link

I'm running tests against an API that has replay attack prevention by passing a "Correlation-ID" in the request that is mirrored back in the response. I'd like to set up VCR so that the replay of each request replaces the header in BOTH the request and response because the API client library verifies it before returning to my code.
@josephtate
Copy link
Author

I was able to figure out how to monkey patch out the replay protection in the client library, so I'm not blocked.

Looking through the code, it seems that the Cassette object is the only part of VCR that has access to both the request and the response. The events that fire before recording only have access to one of the request or response pairs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@josephtate