Testing CORS with cURL
It sounds like you are asking if there's a way to prevent curl from making a request at all. This is impossible. curl can always make a request to the server, with or without CORS.
However, curl can also be used to mimic a browser and verify how your server will react to CORS requests. By using the --verbose flag on curl requests, you can see the HTTP request and response headers, and verify that the CORS headers are working as expected. That is what this question covers: How can you debug a CORS request with cURL?
If CORS is enabled, you should see an Access-Control-Allow-Origin header in the response. If CORS is disabled, you should not see any Access-Control-* headers in the response.
Comments
-
David Dias almost 2 years
I've been implementing CORS in a lil app I have using node-restify to test it out and it turns out that in the browser, the behaviour is as expected, this means, in a different origin with CORS disabled, it doesn't work, if CORS is enabled, it works.
However, the tricky part is that with CURL, it always works! I've been following this question: How can you debug a CORS request with cURL?
I'm doing this:
curl -H 'Origin: http://example.com' http://cors.somewhere.comAnd using the node-restify example to debug
var restify = require('restify'); var srv = restify.createServer(); //srv.use(restify.CORS()); // I enable and disable by uncomment line function foo(req, res, next) { res.send("bananas"); next(); } srv.put('/foo', foo); srv.get('/foo', foo); srv.del('/foo', foo); srv.post('/foo', foo); srv.listen(process.env.PORT || 8080);What am I missing?
Thank you!