How to handle CORS in mountebank?

1,489 views
Skip to first unread message

keng...@ebay.com

unread,
Jan 25, 2017, 8:47:49 PM1/25/17
to mountebank-discuss
Hello,
In my stub, i have added the following to accommodate CORS. But, i'm still getting error. Any idea?
thanks.


Stub snip:----------------------------

"responses": [
{
"is": {
"statusCode": 200,
"headers": {
"Content-Type": "application/json",
"Access-Control-Allow-Headers": "Origin, Content-Type, X-Auth-Token",
"Access-Control-Allow-Methods": "GET, POST, PUT, OPTIONS",
"Access-Control-Allow-Origin": "*"
},


Error:---------------------------------------

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://local.dev.com:9900' is therefore not allowed access.

Brandon Byars

unread,
Jan 26, 2017, 1:29:51 PM1/26/17
to keng...@ebay.com, mountebank-discuss
Hi there,
Reading https://www.html5rocks.com/en/tutorials/cors/, it looks like you'll need to set up an answer to the preflight that looks something like this:

The request they show is:

OPTIONS /cors HTTP/1.1
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: X-Custom-Header
Accept-Language: en-US
Connection: keep-alive
User-Agent: Mozilla/5.0...

and the response is

Access-Control-Allow-Origin: http://api.bob.com
Access-Control-Allow-Methods: GET, POST, PUT 
Access-Control-Allow-Headers: X-Custom-Header
Content-Type: text/html; charset=utf-8

which could work as something like this in mountebank (typed into email so probably JSON mistakes):

{
  "predicates": [{
    "equals": {
      "method": "OPTIONS"
    }
  }],
  "responses": [{
    "is": {
      "headers": {
        "Access-Control-Allow-Origin": "${ALLOW-ORIGIN}",
        "Access-Control-Allow-Methods": "GET, POST, PUT",
        "Access-Control-Allow-Headers": "${ALLOW-HEADERS}"
      }
    },
    "_behaviors": {
      "copy": [
        {
          "from": { "headers": "Access-Control-Allow-Origin" },
          "into": "${ALLOW-ORIGIN},
          "using": { "method": "regex", "selector": ".+" }
        },
        {
          "from": { "headers": "Access-Control-Allow-Headers" },
          "into": "${ALLOW-HEADERS},
          "using": { "method": "regex", "selector": ".+" }
        }
      ]
    }    
  }]
}

You don't have to use the copy behavior if you want to hard-code for the specific request, but it allows you to always respond with what the client asked for. There's a few other options listed on the link above based on what the server provides. 

Hope that helps, For what it's worth, enough people have asked about this that i'd like to add something that does it for you, just haven't had time yet (https://github.com/bbyars/mountebank/issues/184).
-Brandon




--
You received this message because you are subscribed to the Google Groups "mountebank-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mountebank-discuss+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

akar...@gmail.com

unread,
Feb 15, 2017, 8:07:38 AM2/15/17
to mountebank-discuss, keng...@ebay.com

I managed to get it working with this:

{
"predicates": [
{
"equals": {
"method": "OPTIONS"
}
}
],
"responses": [
{
"is": {
"headers": {

"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Methods": "GET, POST, PUT, PATCH, DELETE",


"Access-Control-Allow-Headers": "${ALLOW-HEADERS}"
}
},
"_behaviors": {
"copy": [
{
"from": {

"headers": "Access-Control-Request-Headers"


},
"into": "${ALLOW-HEADERS}",
"using": {
"method": "regex",
"selector": ".+"
}
}
]
}
}
]
}

Note that the response contains "Allow" and the request contains "Request" in the header names. I also had to "Access-Control-Allow-Origin": "*" to every response apart from OPTIONS.

Reply all
Reply to author
Forward
0 new messages