We have a requirement to enable "Cross-Origin Resource Sharing" (CORS) in the virtual service.
All supported DevTest releases.
N/A
In general, CORS for any API calls can be enabled by adding below header details in VSI transaction->Response--> Meta Data
Access-Control-Allow-Origin
Access-Control-Allow-Methods
Access-Control-Max-Age
Access-Control-Allow-Headers
'access-control-allow-credentials (if needed)
So, if your back-end application is expecting these headers from virtual service response, you can add these headers in VSI file for each response in "Meta Data" tab.
If you are getting an error "Access to XMLHttpRequest at 'https://somehost.com:13051/remittance/v4/yamatoService' from origin 'https://www.w3schools.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute." for the API call then setiing the below headers should help resolve the issue.
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://www.w3schools.com/ ( use the origin where the request is initiated instead of *)
https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSAllowOriginNotMatchingOrigin