CORS (Cross-origin resource sharing)
CORS (Cross-origin resource sharing) is a web browser specification that defines a way for a web browser and web client to interact in such a way that cross-origin (requests to a server in a different domain) are allowed, for all HTTP methods.
Support for CORS in Enterprise Tester was introduced in version 4.4 and above, and currently supports:
- CORS without authentication (will use session authentication however, if user is already authenticated with the Enterprise Tester server in the same browser session).
- CORS with authentication (Enterprise Tester will handle both pre-flighted and immediate requests, by returning the "Access-Control-Allow-Credentials" header - allowing the use of Basic Authentication).
And as always, when using basic Auth, we recommend you access Enterprise Tester via HTTPS (SSL).
Examples of using CORS with Enterprise Tester can be found in the CORS Examples section of our API Github Repository.