Hi there,
I have a mapping set up to return 200 when a OPTIONS request is made. It returns the 200 but then doesn't continue with the original request.
Basically I make a POST request to a service ( Which I have mapped and mocked) bu the pre-flight request is mapped returns 200 but then that's it. It never makes the POST.
Any ideas or help would be great.
Here is my OPTIONS mapping.
{
"request": {
"url": "/service/security/getDetailsInfo",
"method": "OPTIONS"
},
"response": {
"status": 200,
"headers": {
"Access-Control-Allow-Origin": "http://localhost:8080",
"Access-Control-Allow-Headers": "OWASP_CSRFTOKEN, X-Requested-With",
"Access-Control-Allow-Methods": "GET, POST"
}
}
}
and here is the POST mapping
{
"request" : {
"url" : "/service/security/getDetailsInfo",
"method" : "POST",
"headers" : {
"Accept" : {
"equalTo" : "*/*"
}
}
},
"response" : {
"status" : 200,
"bodyFileName" : "details.json",
"headers" : {}
},
}
Isn't CORS only a browser "limitation"? I mean that's the browser intercepting a CORS request and issuing an OPTIONS before the concrete method to check if you have access or not. I don't think Wiremock is the problem here :/
Which client are you using?
You are correct, I just needed to return a view extra cors headers.
A few*
hey! I too am facing a similar issue - what were the additional headers you added to make this work ? Appreciate if you could elaborate it here on how you debug this kind of an issue.
Hey, I can't remember exactly what they were but it was something like this.
{
"request": {
"url": "*",
"method": "OPTIONS"
},
"response": {
"status": 200,
"headers": {
"Access-Control-Allow-Origin": "http://localhost:8080",
"Access-Control-Allow-Headers": "OWASP_CSRFTOKEN, X-Requested-With",
"Access-Control-Allow-Methods": "GET, POST"
}
}
}
Basically, I just needed to make this mapping a kind of catch all for all OPTIONS requests regardless of the url. Hope this makes sense.
If you are having trouble figuring out what gets returned you could try the recording functionality and capture all the correct headers. That's what I did.
If someone is interested, I have the solution for all your OPTIONS requests :
{
"request": {
"urlPathPattern": ".*",
"method": "OPTIONS"
},
"response": {
"status": 200,
"headers": {
"Access-Control-Allow-Origin": "http://localhost:8080",
"Access-Control-Allow-Headers": "OWASP_CSRFTOKEN, X-Requested-With, Authorization",
"Access-Control-Allow-Methods": "GET, POST"
}
}
}
Secret is : "urlPathPattern": ".*" for all requests
<3
Most helpful comment
If someone is interested, I have the solution for all your OPTIONS requests :
{ "request": { "urlPathPattern": ".*", "method": "OPTIONS" }, "response": { "status": 200, "headers": { "Access-Control-Allow-Origin": "http://localhost:8080", "Access-Control-Allow-Headers": "OWASP_CSRFTOKEN, X-Requested-With, Authorization", "Access-Control-Allow-Methods": "GET, POST" } } }Secret is :
"urlPathPattern": ".*"for all requests<3