Service Virtualization

Expand all | Collapse all

Server-Side Access Control (CORS) issue

  • 1.  Server-Side Access Control (CORS) issue

    Posted 11-28-2016 06:12 AM

    Need your help to resolve cross-origin HTTP request coming from application pointing to LISA. We are building application using node js that calls a POST request on LISA server. We are seeing method OPTIONS instead of POST request with other custom headers and match doesn't happen due to this. From technical forum I understand that sending back the Access-Control-Allow-Origin: * header should resolve this but haven't been able to get this fixed. If anyone of you have tried cross domain traffic responded by virtual service then please let me know how it has been done. I am using LISA 7.5.2.



  • 2.  Re: Server-Side Access Control (CORS) issue

    Posted 11-28-2016 01:26 PM

    I could see some details around handling CORS here ..Server-Side Access Control (CORS) - HTTP | MDN  not sure how LISA handles this..please can someone have look at it?



  • 3.  Re: Server-Side Access Control (CORS) issue

    Posted 04-04-2017 10:10 AM

    Let me try to help here.

     

    I assume you have created your virtual service using RR pairs (as my assumption is if it was done using recording, you should have got the OPTIONS call also recorded)

     

    You could extend your service to log the incoming OPTIONS request & add another RR pair to send back appropriate response.

     

    You can refer to the following link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS to see sample requests/responses - which you will need to modify to suit your specific CORS requests.



  • 4.  Re: Server-Side Access Control (CORS) issue

    Posted 04-04-2017 10:44 AM

    Thanks Prem after 4 month I have someone in the community who got time to look into my request. This is important for us to get LISA enabled to support developers as code is being developed and tested in isolation and cannot afford to request for environment or spend time in creating manual stubs.

    You have rightly identified, I have created virtual service using RR pair. Firstly I am not getting OPTIONS method called when client invokes virtual service and reason the reason is we have removed request headers 

    and added response header Access-Control-Allow-Origin=* along with other header details. We can see that at virtual service does exact match and responds but for some reason response is not received at application (I don't have exact network error message of browser now) but will share when I complete my test.

     

    For adding OPTIONS method did you mean to add/copy transaction already created and modify the Operation to OPTION and include all the header mentioned in the link?

     

    As first step I want to prove without OPTIONS and see if application behave as expected and then include all the request/response header along with OPTIONS. Let me know if this approach is valid.