How do we enable CORS in virtual service
search cancel

How do we enable CORS in virtual service

book

Article ID: 136025

calendar_today

Updated On:

Products

CA Application Test Service Virtualization

Issue/Introduction

We have a requirement to enable "Cross-Origin Resource Sharing" (CORS) in the virtual service.

Environment

All supported DevTest releases.

Cause

N/A

Resolution

In general, CORS for any API calls can be enabled by adding below header details in VSI transaction->Response--> Meta Data

 Access-Control-Allow-Origin 

 Access-Control-Allow-Methods 

 Access-Control-Max-Age 

 Access-Control-Allow-Headers 

'access-control-allow-credentials (if needed)

 

 So, if your back-end application is expecting these headers from virtual service response, you can add these headers in VSI file for each response in "Meta Data" tab. 

Additional Information

If you are getting an error "Access to XMLHttpRequest at 'https://somehost.com:13051/remittance/v4/yamatoService' from origin 'https://www.w3schools.com' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute." for the API call then setiing the below headers should help resolve the issue.

Access-Control-Allow-Credentials: true

Access-Control-Allow-Origin: https://www.w3schools.com/ ( use the origin where the request is initiated instead of *)

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSAllowOriginNotMatchingOrigin