How do we enable CORS in virtual service
search cancel

How do we enable CORS in virtual service


Article ID: 136025


Updated On:


CA Application Test Service Virtualization


We have a requirement to enable "Cross-Origin Resource Sharing" (CORS) in the virtual service.


All supported DevTest releases.




In general, CORS for any API calls can be enabled by adding below header details in VSI transaction->Response--> Meta Data





'access-control-allow-credentials (if needed)


 So, if your back-end application is expecting these headers from virtual service response, you can add these headers in VSI file for each response in "Meta Data" tab. 

Additional Information

If you are getting an error "Access to XMLHttpRequest at '' from origin '' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute." for the API call then setiing the below headers should help resolve the issue.

Access-Control-Allow-Credentials: true

Access-Control-Allow-Origin: ( use the origin where the request is initiated instead of *)