I've been used wiremock effectively for some time now, and I wanted to enable CORS access to the mocked APIs.
I've tried setting Access-Control-Allow-Origin: * and other headers in the response header, both to no avail.
Here's an example of a mapping that I have:
{
"request": {
"method": "POST",
"urlPattern": "/api/v2/general/login[\\/\\&\\?]*",
"bodyPatterns": [{
"equalToJson": "{\"password\":\"password\",\"username\":\"[email protected]\"} ",
"jsonCompareMode": "LENIENT",
"ignoreArrayOrder" : true,
"ignoreExtraElements" : true
}]
},
"response": {
"status": 200,
"headers": {
"Content-Type": "application/json",
"Access-Control-Allow-Origin" : "*",
"Access-Control-Allow-Methods" : "*",
"Access-Control-Allow-Headers": "Accept, Content-Type, Content-Encoding, Server, Transfer-Encoding",
"X-Content-Type-Options" : "nosniff",
"x-frame-options" : "DENY",
"x-xss-protection" : "1; mode=block"
},
"bodyFileName": "/login_response_johncougar.json"
}
}
What am I doing wrong here that's causing CORS to not work?
Thanks in advance.
To get rid of a CORS error, you can download a browser extension like CORS Unblock ↗. The extension appends Access-Control-Allow-Origin: * to every HTTP response when it is enabled. It can also add custom Access-Control-Allow-Origin and Access-Control-Allow-Methods headers to the responses.
Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
To solve this error, we need to add the CORS header to the server and give https://www.section.io access to the server response. Include the following in your index. js file. const cors = require('cors'); app.
I have just managed to fix this issue. Actually solution was here already Adding headers to Jetty in Wiremock.
Because your browser sends a CORS preflight request before making any actual request, you will need to set up your wiremock to stub the OPTIONS request and send back headers.
For example,Access-Control-Allow-Origin = "*",
Access-Control-Allow-Headers: "content-type",
Access-Control-Allow-Methods = "POST, GET"
.
Access-Control-Allow-Headers's value has to be the same values the Access-Control-Request-Headers header contained Request header field Access-Control-Allow-Headers is not allowed by itself in preflight response.
All your responses have to send back header "Access-Control-Allow-Origin": "*"
as well.
Here is a sample and this works
{
"request":
{
"urlPattern": "/country/([a-z]*)",
"method": "GET"
},
"response":
{
"status": 200,
"headers":
{
"Content-Type" : "application/json",
"Access-Control-Allow-Origin" : "*",
"Access-Control-Allow-Methods" : "*",
"Access-Control-Allow-Headers": "Accept, Content-Type, Content-Encoding, Server, Transfer-Encoding",
"X-Content-Type-Options" : "nosniff",
"x-frame-options" : "DENY",
"x-xss-protection" : "1; mode=block"
},
"body": "{ \"statusCode\" : \"S1000\", \"statusDescription\" : \"Success\", \"content\" : [ { \"id\" : \"1111\", \"name\" : \"aaaa\"}, { \"id\" : \"2222\", \"name\" : \"asd\" } ] }"
}
}
Use this as it is, wiremock is peculiar when it comes to spacing, here i have used a single space instead of tab, hope it helps.
I had the same problem. After a long time search without finding the solution I started to play with the groovy file and finally I found the solution.
You just need to add each header in header() method. this will solve the problem. So your sample groovy contract will be like this:
{
"request": {
"method": "POST",
"urlPattern": "/api/v2/general/login[\\/\\&\\?]*",
"bodyPatterns": [{
"equalToJson": "{\"password\":\"password\",\"username\":\"[email protected]\"} ",
"jsonCompareMode": "LENIENT",
"ignoreArrayOrder": true,
"ignoreExtraElements": true
}]
},
"response": {
"status": 200,
"headers": {
header("Content-Type": "application/json"),
header("Access-Control-Allow-Origin": "*"),
header("Access-Control-Allow-Methods": "*"),
header("Access-Control-Allow-Headers": "Accept, Content-Type, Content-Encoding, Server, Transfer-Encoding"),
header("X-Content-Type-Options": "nosniff"),
header("x-frame-options": "DENY"),
header("x-xss-protection": "1; mode=block")
},
"bodyFileName": "/login_response_johncougar.json"
}
}
I hope it will solve your problem (Actually it will be useful if you use groovy contracts).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With