HAR recording gaps: missing response bodies in edge cases

[davidcampbelldc]

Summary

Chrome DevTools HAR exports can silently omit response bodies for certain requests, causing correlation failures when the dynamic value only appears in a missing response. This is a fundamental limitation of browser-based HAR capture that affects complex applications like Salesforce Lightning.

Problem

During Salesforce testing, the aura.token (a JWT session token) could not be correlated because:

1. The token is bootstrapped in the initial one/one.app HTML page response via Aura.initConfig
2. Chrome recorded the request/response metadata correctly (size: 72356)
3. But the response body text was empty (textLen: 0) — Chrome simply didn't capture it
4. The token appears 213 times across subsequent requests but zero times in any response body in the HAR
5. Without the source response, correlation is impossible

This is a known Chrome DevTools limitation — large or streaming HTML responses are sometimes not captured in HAR exports, particularly initial page loads.

Impact

• Salesforce Lightning: aura.token, fwuid, and other bootstrap values from one/one.app
• Any SPA framework that bootstraps config/tokens in the initial HTML payload
• Applications using Server-Sent Events, WebSocket upgrades, or streaming responses
• Large HTML pages where Chrome truncates or skips the response body

Ideas to Explore

• Proxy-based recording mechanism (capture at network level, convert to HAR)
• Fiddler output integration (users have already requested this)
• Charles Proxy / mitmproxy session import
• Hybrid approach: HAR + supplementary capture for missing bodies
• Pre-flight HAR validation that flags entries with size > 0 but empty body

Note: This issue is for capturing the problem scope and gathering requirements. Solution design should come after understanding the full range of affected scenarios.

Reproduction

1. Record a Salesforce Lightning login + navigation in Chrome DevTools
2. Export as HAR
3. Search HAR for aura.token value — found only in request bodies, never in response bodies
4. Check the one/one.app entry: response.content.size > 0 but response.content.text is empty

Priority

2. HIGH — blocks correlation for major enterprise applications (Salesforce, potentially others)

---

Filed from Salesforce HAR testing session (2026-02-14)

[davidcampbelldc]

Linked: #54 (Fiddler .saz import)

Fiddler captures at the proxy level and gets complete response bodies that Chrome DevTools misses. Supporting .saz import solves both issues:

1. This issue: Proxy-level capture = no missing response bodies (fixes Salesforce aura.token scenario)
2. Fiddler .saz recording import facility (as alternative to HAR files) #54: Competitive feature requested by Wipro/Mohan

Approach: Convert .saz → HAR as a preprocessing step, then feed into the existing pipeline. No changes needed to correlation, test plan generation, or any downstream code.