Comment on page
Testing with CORS
Enabling CORS mainly involves reading request headers and writing response headers accordingly on your server. The following example code shows exactly how to enable CORS for Loadmill tests in an express.js application.
var app = require("express")();
// Handle CORS before processing requests:
app.use(function (req, res, next) {
// This request header contains the host of the CORS client:
var origin = req.header("Origin");
// This request header contains the HTTP request method:
var requestMethod = req.header("Access-Control-Request-Method");
if (origin === "http://www.loadmill.com"
|| origin === "https://www.loadmill.com") {
// This response header allows CORS from loadmill.com:
res.header("Access-Control-Allow-Origin", origin);
// This response header is required only if you use cookies in your tests:
res.header("Access-Control-Allow-Credentials", 'true');
if (req.method === 'OPTIONS' && origin && requestMethod) {
// It's a pre-flight request:
// This request header contains the request headers of the pre-flighted request:
var requestHeaders = req.header("Access-Control-Request-Headers");
setPreFlightHeaders(res, requestMethod || "", requestHeaders || "");
return res.sendStatus(204);
}
else {
// If your test scenario involves reading response headers,
// we automatically include them in this request header:
var exposedHeaders = req.header("Loadmill-Request-Expose-Headers") || "";
// This response header allows the test client to read the desired headers from the response:
res.header("Access-Control-Expose-Headers", exposedHeaders);
}
}
return next();
});
function setPreFlightHeaders(res, allowedMethod, allowedHeaders) {
res.header({
// This response header asks the browser not to pre-flight
// the same request URL again for the next 24 hours:
"Access-Control-Max-Age": "86400",
// These response headers approve the request method and headers specified:
"Access-Control-Allow-Methods": allowedMethod,
"Access-Control-Allow-Headers": allowedHeaders
});
}
If you are not sure how to enable CORS in your application or would like to see examples for different languages/frameworks, please contact us at [email protected].
Last modified 2yr ago