Loadmill
Learn moreSchedule a demo
  • Introduction
    • Loadmill - AI - Powered Solution
    • Deviceless mobile testing
      • Capturing traffic with Loadmill MITM Proxy
      • Loadmill desktop recorder
        • Generating test flows
      • Installing certificate on mobile devices
        • iOS certificate installation
        • Android certificate installation
      • Configuring proxy on mobile devices
        • iOS Wi-Fi settings
        • Android Wi-Fi settings
      • Troubleshooting
    • What is an API
      • API - Data Fetching
      • Quick examples of API requests
      • What is an API endpoint?
    • API Server Testing
      • Contract testing
      • Regression Testing
  • Quick Guide
    • Create Account
    • Download Test Composer
    • Register your first API flow
    • Running Your API Test
  • Loadmill Test Composer
    • Quickstart
    • Composer Layout
    • Filter Settings
  • Test Editor
    • Layout
    • Flows
      • Generated Flow Code
      • Test Flow editor
      • Flow Controls
      • Add CSV to Flow
      • Flow Execution
    • Steps
      • Request step
      • Code step
      • Extraction & Assertion step
      • Web Socket step
    • Extractions - Set Parameters
    • Assertions - Verify Response
    • Parameters
      • Parameter Execution Order
      • Test Suite Parameters
      • Parameters Sets
    • ⨍(⨯) FUNCTIONS
    • Postscript
      • Running Postscript
      • Accessing w/ Postscript
      • Validating Postscript
    • Login/Authentication Flow
    • Before & After Hooks
  • Load Testing
    • Load Test Editor
    • Load Testing Guide
    • Analyzing Load Test Results
    • Parameterized Load Test
    • Domain Verification
    • Configuration Files
    • Load Testing FAQs
    • Load Testing Troubleshooting
  • User Behavior Testing
    • Overview
    • Setup
    • Recording troubleshooting
    • Additional recording methods
    • Recording settings
    • How to work with Recordings
  • Auth
    • Okta SSO integration
    • API Tokens
    • Testing with CORS
    • REST API
  • Integrations
    • Loadmill Agent
    • CI integration
    • GitHub
      • CI integration
      • Data sync
    • GitLab
    • Bitbucket
    • Jira
    • New Relic
    • Slack integration
    • TestRail integration
    • Database Testing
    • Kafka Testing
    • Datadog Integration
    • ✉️Email Testing
    • Webhook Testing
    • Integrations FAQs
    • XRay
    • TestRail
    • gRPC Support
  • Collaboration
    • Collaboration
    • Teams
    • Groups & Reports
    • Test Suite Collaboration
    • Reviews
    • Shared Flows
    • Labels
  • Reporting
    • API Catalog & Coverage
      • API Catalog
        • Unique Entity ID's Mapping
        • Domain Mapping and grouping
        • Endpoints grouping
        • OpenAPI upload
      • Test Coverage
        • Generating API test coverage report
  • General
    • Billing
      • Usage report
    • Settings
      • 📈Analytics
        • Flow Run History
      • 🧳Import & Export
    • General FAQs
    • General troubleshooting
    • Comparisons
      • Loadmill vs. SoapUI
      • Loadmill vs. JMeter
      • Loadmill vs. Blazemeter
      • Loadmill vs. WebdriverIO
      • Loadmill vs. Potato
    • Miscellaneous
      • Running a Test Suite
      • Test Plan
      • API Testing troubleshooting
      • API Testing FAQs
      • Test Editor
        • API Tests - Data from CSV files
Powered by GitBook
On this page
  • Testing with CORS
  • Express Middleware
  1. Auth

Testing with CORS

PreviousAPI TokensNextREST API

Last updated 3 years ago

Testing with CORS

For high volume load tests, uses real browser sessions to test your application/web server. This requires that you allow in your server code (just for us - no third parties need to be allowed).

mainly involves reading request headers and writing response headers accordingly on your server. The following example code shows exactly how to enable CORS for Loadmill tests in an application.

Express users don't need to copy this example, simply use our npm module:

var app = require("express")();

// Handle CORS before processing requests:
app.use(function (req, res, next) {
    // This request header contains the host of the CORS client:
    var origin = req.header("Origin");

    // This request header contains the HTTP request method: 
    var requestMethod = req.header("Access-Control-Request-Method");

    if (origin === "http://www.loadmill.com"
        || origin === "https://www.loadmill.com") {

        // This response header allows CORS from loadmill.com:
        res.header("Access-Control-Allow-Origin", origin);

        // This response header is required only if you use cookies in your tests:
        res.header("Access-Control-Allow-Credentials", 'true');

        if (req.method === 'OPTIONS' && origin && requestMethod) {
            // It's a pre-flight request:

            // This request header contains the request headers of the pre-flighted request:
            var requestHeaders = req.header("Access-Control-Request-Headers");

            setPreFlightHeaders(res, requestMethod || "", requestHeaders || "");
            return res.sendStatus(204);
        }
        else {
            // If your test scenario involves reading response headers, 
            // we automatically include them in this request header:
            var exposedHeaders = req.header("Loadmill-Request-Expose-Headers") || "";

            // This response header allows the test client to read the desired headers from the response:
            res.header("Access-Control-Expose-Headers", exposedHeaders);
        }
    }
    return next();
});

function setPreFlightHeaders(res, allowedMethod, allowedHeaders) {
    res.header({
        // This response header asks the browser not to pre-flight 
        // the same request URL again for the next 24 hours:
        "Access-Control-Max-Age": "86400",

        // These response headers approve the request method and headers specified:
        "Access-Control-Allow-Methods": allowedMethod,
        "Access-Control-Allow-Headers": allowedHeaders
    });
}

Express Middleware

If you are not sure how to enable CORS in your application or would like to see examples for different languages/frameworks, please contact us at .

If you are using and you can simply use our npm module: .

It may also be used for quick and easy .

Loadmill
CORS
Enabling CORS
express.js
express-loadmill
support@loadmill.com
node.js
express
express-loadmill
domain verification