var app = require("express")();
// Handle CORS before processing requests:
app.use(function (req, res, next) {
// This request header contains the host of the CORS client:
var origin = req.header("Origin");
// This request header contains the HTTP request method:
var requestMethod = req.header("Access-Control-Request-Method");
if (origin === "http://www.loadmill.com"
|| origin === "https://www.loadmill.com") {
// This response header allows CORS from loadmill.com:
res.header("Access-Control-Allow-Origin", origin);
// This response header is required only if you use cookies in your tests:
res.header("Access-Control-Allow-Credentials", 'true');
if (req.method === 'OPTIONS' && origin && requestMethod) {
// It's a pre-flight request:
// This request header contains the request headers of the pre-flighted request:
var requestHeaders = req.header("Access-Control-Request-Headers");
setPreFlightHeaders(res, requestMethod || "", requestHeaders || "");
return res.sendStatus(204);
// If your test scenario involves reading response headers,
// we automatically include them in this request header:
var exposedHeaders = req.header("Loadmill-Request-Expose-Headers") || "";
// This response header allows the test client to read the desired headers from the response:
res.header("Access-Control-Expose-Headers", exposedHeaders);
function setPreFlightHeaders(res, allowedMethod, allowedHeaders) {
// This response header asks the browser not to pre-flight
// the same request URL again for the next 24 hours:
"Access-Control-Max-Age": "86400",
// These response headers approve the request method and headers specified:
"Access-Control-Allow-Methods": allowedMethod,
"Access-Control-Allow-Headers": allowedHeaders