New Feature: Dont record specific request body #87
Description
Sometimes logging into a website requires posting form data as the request body and contains sensitive information which is recorded and printed during the tests.
Feature request to not record a specific Spider request body like
DONT_RECORD_REQUEST_BODY = [
'DashboardSpider.login'
]
The AUTOUNIT_DONT_TEST_REQUEST_ATTRS pops the item from every request. Using this to pop the body attr would render all the tests useless and still records the sensitivity data.
class DashboardSpider(scrapy.Spider):
def login(self, response):
self.log.info("Login page... Posting username & password")
token = response.css("input[name=_token]::attr(value)").get()
formdata = {
'user_name': os.getenv('USERNAME'),
'user_password': os.getenv('PASSWORD'),
'_token': token
}
return scrapy.FormRequest.from_response(response, formdata=formdata, callback=self.dashboard)Thanks for your time